Question 1

How long does ISO 27001 readiness take, and what does it cost?

Accepted Answer

Twelve weeks from kickoff to audit-ready for a typical 10–50 person firm on Microsoft 365 — fixed scope, fixed price. We quote the number on the discovery call before you sign anything. Multi-tenant M365, on-premise systems, or regulated workloads add 4–8 weeks; we say so up front.

Question 2

We don’t have a Big-Four budget — but our internal IT can’t do this alone. Where do we fit?

Accepted Answer

You’re who we’re built for. Australian SMBs with 10–50 people on Microsoft 365 who’ve outgrown a managed services provider but can’t justify a full-time security hire. Senior engineers do the work in your tenant — no junior consultant rotation, no offshore handoffs. The person who scopes is the person who runs it.

Question 3

How fast can our Microsoft 365 tenant actually be hardened?

Accepted Answer

Four to six weeks. MFA plus Conditional Access baseline, DLP and sensitivity labels rolled out, audit logging and alerting tuned, endpoints hardened with Intune. Configured by a senior engineer inside your tenant — not a deck handed back at the end.

Question 4

After ISO 27001 readiness, who stops the controls from rotting?

Accepted Answer

Most ISO controls drift within a quarter if no one owns them. Aegentra On-demand IT is built for exactly that gap — a senior engineer on call for your tenant, Aeges re-runs every quarter, same-day response for tickets and incidents. You walk into surveillance audits with no surprises, and the audit-ready state you paid for stays paid for.

Question 5

Does On-demand IT replace our internal team, or sit alongside it?

Accepted Answer

Either. Some clients have no IT function and we are it. Others run BAU internally and we are the senior bench they escalate to — onboarding, offboarding, change requests, security incidents, M365 advisory. Month-to-month, both ways.

Question 6

Where does our data go during an Aeges scan?

Accepted Answer

Read-only against your tenant through the Microsoft 365 admin APIs. The assessment and report are stored in your SharePoint at a location you nominate. We retain only the configuration metadata needed to support you, held in an Australian-hosted environment. Your data does not leave your tenant.

Question 7

Do you provide the certification audit yourselves?

Accepted Answer

No — that would be a conflict of interest. ISO 27001 audits are performed by accredited certification bodies. We work alongside the auditor you choose; if you don’t have one, we keep a current list of bodies our clients have used.

Question 8

Are you a Microsoft Solutions Partner?

Accepted Answer

Yes — Microsoft Solutions Partner with the Security designation. Senior engineers carry MS-500, SC-200, SC-300, and SC-400. Verifiable on Microsoft’s partner directory and through our team’s Credly badges.

Question 9

What are the contract terms — are we locked in?

Accepted Answer

No. ISO readiness and M365 hardening are fixed-scope, fixed-price project engagements — milestones in the SoW, no lock-in. On-demand IT is month-to-month. If we’re not earning the fee, you shouldn’t be paying it.

Question 10

Are you based in Australia?

Accepted Answer

Melbourne. All staff are Australian residents; no offshore handoffs. We work with clients across Australia and New Zealand. Operating entity: Hans Division Group Pty Ltd, ACN 678 444 463.

Senior-engineer cybersecurity for Australian SMBs.