Compliance Frameworks
The list of compliance frameworks we support.
Align your cybersecurity posture to meet the recognised standards that will protect you now and into the future.
ASD Essential 8
Australia’s baseline model for cyber resilience, focused on practical, high‑impact controls. Assessments include maturity scoring across application control, patching, MFA, backups, and other core safeguards.
Best for: Australian organisations seeking a defensible, insurer‑aligned uplift path.
CIS Controls v8
A globally recognised, prioritised set of technical safeguards. Assessments map vulnerabilities, configurations, identity risks, and endpoint findings to CIS Controls to provide a clear, actionable roadmap.
Best for: Organisations wanting a practical, internationally aligned control framework.
NIST CSF
A high‑level framework that organises security activities into five functions: Identify, Protect, Detect, Respond, and Recover. Provides a simple, strategic view of cyber maturity without requiring a full governance audit.
Best for: Organisations wanting a clear, insurer‑friendly maturity snapshot.
SMB1001
A streamlined control set designed specifically for small and medium businesses. Focuses on essential technical safeguards, identity hygiene, configuration hardening, and basic operational practices.
Best for: Small and medium businesses wanting an all-round improvement in cyber posture, with the option to progress toward formal SMB1001 verification.
Cyber Essentials (UK)
A foundational security standard focused on five core technical controls: firewalls, secure configuration, access control, malware protection, and patch management. Provides a simple, practical baseline for reducing common cyber threats.
Best for: Organisations wanting a lightweight, internationally recognised security baseline.
NIS2
A European cybersecurity standard that sets mandatory requirements for risk management, incident reporting, access control, and operational resilience. Assessments highlight gaps against NIS2’s core security measures and outline practical steps toward compliance readiness.
Best for: Organisations operating in or supporting EU markets that need to demonstrate alignment with NIS2 expectations.
PCI DSS
Technical assessments aligned to PCI DSS requirements, including vulnerabilities, configurations, and identity‑related risks.
Best for: Organisations handling cardholder data that require technical evidence for PCI compliance.
HIPAA
Technical assessments aligned to HIPAA safeguard requirements, supporting organisations that handle or process health‑related information.
Best for: Software vendors, clinics, and service providers working with health data.
Others
- NIST SP 800‑53
- NIST SP 800‑171
- GDPR
- and more...
If a framework isn’t listed, please reach out — we can confirm whether it’s something we support and guide you on the best assessment pathway.
Build a Compliance Pathway That Works for You
Whether you need one framework or a tailored combination, we guide you through the process with structured assessments and easy‑to‑understand reporting.
