Compliance Hub

Compliance shouldn't be a mystery — or a scramble.

When a client, insurer, or regulator asks about your security posture, you should have a clear, current answer. Here's how we help mid-sized firms get there and stay there.

The foundation

The ACSC Essential 8, explained

The Essential 8 is the Australian Cyber Security Centre's baseline set of mitigation strategies. We assess your current maturity against all eight and build a prioritised roadmap — not a generic checklist.

01

Application control

Only approved applications can run, limiting what malicious software can execute.

02

Patch applications

Known vulnerabilities in business applications closed on a managed schedule.

03

Configure Office macro settings

Macros restricted to trusted, signed sources, so a common entry point for malware is blocked by default.

04

User application hardening

Browsers and applications configured to remove risky, rarely-used features attackers rely on.

05

Restrict administrative privileges

Admin rights limited to those who genuinely need them, reducing the blast radius of a compromised account.

06

Patch operating systems

Operating system vulnerabilities closed promptly across every device, not just servers.

07

Multi-factor authentication

A stolen password alone is no longer enough to access your systems.

08

Regular backups

Tested, isolated backups that let you recover without paying a ransom or losing client data.

Privacy Act 1988

Australian Privacy Principles & data breach obligations

If your firm handles client personal information, the Australian Privacy Principles and the Notifiable Data Breaches scheme likely apply. We review how data is collected, stored, and disposed of, and make sure your breach response plan is more than a document nobody has read.

Cyber insurance

Readiness reporting insurers actually want

Insurers are asking harder questions before issuing or renewing cyber policies. We map your controls to what's typically requested — MFA coverage, backup testing, endpoint protection — and help you document it.

Compliance review

Get a clear picture of where you stand.

A no-obligation Essential 8 and Privacy Act review, with a prioritised, plain-English action plan.