CYBER SERVICES

Your business is being targeted. Here is what AU and NZ businesses like yours are doing about it.

An insurer is asking questions. A client requires certification. A regulator is arriving. Pick the situation that sounds like yours — there is a clear path through it.

Not sure where to start? See how the standards connect →

What brought you here?

Pick the situation that sounds like yours

Most clients arrive because something specific happened. Pick the one that sounds like yours.

⚠️

"The Privacy Act small business exemption ends 1 July 2026. We have not started."

Act now — deadline approaching

🛡️

"My insurer is asking about security controls I cannot evidence."

Cyber Insurance Readiness

📋

"A client or tender requires ISO 27001 and I do not know what is involved."

ISO 27001 Certification

✅

"A client questionnaire is asking about Essential Eight maturity. I do not know where we stand."

Essential Eight

⚙️

"Our Microsoft 365 has never been reviewed since it was configured."

M365 Security Review

🗺️

"I keep hearing different standards mentioned. I do not understand how they relate or where to start."

See how the standards connect

🌱

"I know I need to do something about security but I'm not sure where to begin or in what order."

See a typical maturity path

Getting Started

Start here — fixed fee, fast, no obligation

Each assessment is a defined scope with a clear deliverable. Find out where you stand before committing to anything larger.

Cyber Risk Snapshot

Structured governance review of your current security posture. Plain-language risk report and prioritised action plan. The generalist starting point when you're not sure which framework applies.

2–3 weeksAll sectors

Learn more

ISO 27001 Readiness Assessment

Gap analysis against ISO 27001:2022 — Annex A controls and ISMS requirements. Maps what exists, what's missing, and what your MSP already covers. Realistic cost and effort estimate included.

2–3 weeksFixed fee

Learn more

Essential Eight Maturity Assessment

Independent scorecard per strategy against your target maturity level. Evidence pack for government contracts and insurers. Maps your current ML and identifies gaps to target.

1–2 weeksAU government

Learn more

Privacy Health Check

Data flow mapping, compliance gap analysis against the Privacy Act, and practical recommendations. Surfaces obligations you may not know you have.

2 weeksAU/NZ Privacy Act

Learn more

M365 Security Review

Configuration review of Entra ID, Exchange, SharePoint, Teams, and Defender against security benchmarks. Hands deliverable to your MSP for technical remediation.

1–2 weeksMicrosoft 365

Learn more

Cyber Insurance Readiness

Security posture mapped to insurer requirements. Evidence pack for your renewal. Identifies gaps that are likely to affect premiums or coverage.

1–2 weeksPre-renewal

Learn more

Go deeper

In a Box & Strategic services

Most clients start with a Getting Started assessment, then move into In a Box or Strategic services based on what the assessment reveals.

Privacy Act Compliance

The small business exemption ends 1 July 2026. 4–6 week sprint to get compliant before the deadline.

SMB1001 Certification

Internationally recognised cybersecurity certification built for businesses your size. Bronze in weeks, not months.

Client-Ready Security

Documented security posture and evidence pack for winning and retaining enterprise clients. Don't lose a contract over a questionnaire.

Security Awareness Training

Practical training for your team. Phishing simulations, AI data leakage, and compliance-focused programmes.

Incident Response Planning

72-hour reporting obligations. Ransomware decision tree. Documented plan before you need one.

Policy & Procedure Documentation

Insurer requires it. Client questionnaire needs it. Written for your context — not boilerplate.

Cyber Risk Assessments

Supply chain questionnaires, board risk reporting, vendor assessments. Translates technical risk into business language.

M365 Ongoing Security

Quarterly configuration reviews, policy updates, and configuration drift monitoring for your Microsoft environment.

Web App Security Testing

Bronze (non-intrusive config review), Silver (OWASP Top 10), or Gold (ASVS compliance). Annual evidence for clients and insurers.

vCISO / Security Leadership

Monthly security programme management. Who in your organisation owns security? If the answer is unclear, that is the gap we fill.

ISO 27001 Certification

Your client or tender requires it. Full ISMS build through to certification — the most direct path for a business your size.

Essential Eight Implementation

Enterprise clients are pushing E8 requirements down their supply chains. Systematic implementation to your target maturity level.

Privacy Framework

Privacy is not a sprint — it is an ongoing programme. AU Privacy Act and NZ Privacy Act 2020 coverage.

ISO 42001 — AI Governance

AI management system implementation for organisations building or deploying AI.

DISP

The door to AU defence work requires DISP accreditation. AUKUS is expanding the supply chain.

ST4S — NZ Schools

Safer Technologies for Schools. A contract requirement for EdTech providers selling to NZ schools.

ISO 27701 — Privacy

Privacy information management system extending your ISO 27001 ISMS.

ISO 27017/27018 — Cloud

Cloud security and privacy controls for SaaS providers and cloud-native organisations.

One foundation

Different frameworks, same core disciplines

ISO 27001. Essential Eight. Privacy Act. Cyber insurance. Different names, different acronyms, but the same core disciplines underneath — asset management, access control, incident response, risk assessment, documentation.

Work done toward one requirement builds the foundation for others. You are not solving five separate problems. You are building one security foundation and applying it where it is needed.

See how the standards connect and which path fits your situation →

See typical SME security journeys, step by step →

ISO 27001 Essential Eight Privacy Cyber Insurance M365 Security AI Governance

📦

Asset Management

Know what you've got

🔑

Access Control

Control who can touch it

🚨

Incident Response

Have a plan when it breaks

📊

Risk Assessment

Understand what matters

How we work

Fixed scope. Fixed fee. No surprises.

Every engagement starts with a defined assessment and ends with an honest answer.

Fixed-fee assessment

A defined scope, a clear deliverable, and an honest answer. No open-ended discovery phases. No obligation beyond the engagement.

Scoped implementation

If the findings point to a larger piece of work, we scope that separately. Same model: fixed scope, fixed fee, no surprises.

Independent advice

No technology partnerships, no products to resell, no MSP services to protect. Our only interest is giving you an accurate picture.

Who we work with

Businesses across Australia and New Zealand

You have an MSP handling your technical security. What you do not have is the oversight layer — the policies, risk frameworks, and compliance documentation that sit above the technology.

The pattern is the same regardless of industry. An external trigger has created a question your current setup cannot answer. We help you answer it.

Healthcare Education & EdTech Government Contractors Professional Services Construction Defence Supply Chain Financial Services

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.