Cybercraft
← Back to In a Box services In a Box · One-Time

Your insurer wants a security policy. Your client's questionnaire requires one. Do you have one?

A complete policy set written around how your business actually operates — your technology stack, your MSP arrangement, your team. Not generic templates with your logo dropped in.

What's in the box

The pressure usually comes from outside: an insurer asking for documented policies before they'll renew, a client questionnaire that requires evidence, a procurement team that won't approve a vendor without a policy register. Whatever the trigger, the outcome is the same — you need policies that are real, not downloaded templates.

This package produces a complete policy set tailored to how you actually operate. Written around your technology stack, your MSP arrangement, your team size, and your regulatory obligations. Each policy is practical and enforceable — not abstract security theory that no one follows.

If you're also working toward SMB1001, Essential Eight, or need to respond to client security questionnaires, this policy foundation feeds directly into those programmes.

Deliverables

  • Information Security Policy (overarching)
  • Acceptable Use Policy — including AI tool usage
  • Access Control Policy
  • Data Classification and Handling Policy
  • BYOD and Remote Working Policy
  • Supporting procedures and guidelines
  • Policy register and review schedule

Business benefits

  • Confident responses to insurer and client security questionnaires
  • Foundation documentation for SMB1001, Essential Eight, or ISO 27001
  • Clear expectations for staff — documented, not assumed
  • Policies that reflect your actual operations, so they're enforceable in practice

Engagement process

Context gatheringWe learn your technology stack, MSP arrangement, team structure, and regulatory environment — the policies are written around your reality, not a generic baseline.
DraftingEach policy is drafted to reflect how your organisation actually operates. No boilerplate — every clause is specific to your environment.
Stakeholder reviewDraft policies reviewed with your leadership and key stakeholders. Feedback incorporated, edge cases addressed.
FinalisationPolished documents delivered in your branding, with a policy register and scheduled review dates built in.
HandoverWalkthrough of the complete policy set, guidance on staff rollout, and recommendations for keeping them current.
Get your policies written

Policies that exist on paper but reflect your actual business — not a template

Tell us what's driven the conversation — insurer, client questionnaire, or framework compliance — and we'll scope it from there.

Get your policies written

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.