Cyber Assure

Every entity is different in size and complexity. Regulators encourage an information security capability commensurate with size and complexity. To assure regulators or your clients, let's discover your needs:

I am an APRA-Regulated Entity

I am a Vendor of an APRA-Regulated Entity

I need E8 or ISO 27001 assurance

Let's start with a gap analysis

I am not sure

APRA-Regulated Entities

Complying with Prudential Standards set by the Australian Prudential Regulation Authority (APRA) can be highly complex as standards rapidly evolve. We have over three decades of experience working with APRA, uplifting cyber resilience for banks, insurers, and much more. We understand the complexity of alignment with Prudential Standards CPS 230 Operational Risk Management and CPS 234 Information Security.

Services include but are not limited to:

  • Information Security Strategy and Transformation
  • Risk and Control Assessment, Testing and Remediation
  • Third Party Risk Management
  • Incident Response and Tabletop Exercises
  • Business Continuity and Disaster Recovery Integration
  • Metric Frameworks and Attestations
  • Board Reporting Packs
  • Root Cause Analysis and Forensic Investigation
  • 30/60/90-day Planning

As an appointed independent practitioner for various multinational insurers by APRA during the CPS 234 Tripartite Review period, we understand the quality and expectations of APRA better than most.

Vendor of APRA-Regulated Entities

We help you meet customer due-diligence and Prudential Standard assurance requirements so you can win and retain regulated clients. Expect rapid gap assessment, expert guidance to remediate existing controls, security addenda to uplift outdated contracts, service descriptions and SOC-style evidence guidance, coaching for security questionnaires and alternate assurance options, and remote or onsite audits.

Automated attestation may be an attractive option, but it simply does not meet APRA's requirements for material service providers. Having worked with major insurers to resolve the depth of vendor assessments needed to meet APRA expectations, we know what you need to look for. Our unique approach considers the Global Internal Audit Guidelines defined by the Institute of Internal Auditors. This method has allowed us to develop proprietary assessments that capture the nuances between different standards used internationally.

Assure E8 or ISO 27001

Whether you are targeting E8 maturity uplift or ISO 27001 certification, we run readiness reviews, define scope, and implement the controls that matter, from identity management to secure development and supplier risk. We then perform internal audits, prepare artefacts for assessors, and guide you through certification or formal attestation.

Essential Eight:

  • We provide maturity-based Essential Eight reviews for all levels of maturity, starting from Maturity Level 0.
  • Assessments in line with the Cyber Security NSW Information Security Manual (ISM) and Assessment Guidelines.
  • Comprehensive Cyber Security NSW Cyber Security Guidelines – Local Government Assessments (supersedes Mandatory 25).

ISO 27001:

  • Initial Risk Assessment and Statement of Applicability (SoA) development for any entity seeking ISO 27001 certification.
  • Control Implementation to prepare for operation and certification audit.
  • Facilitation of the audit process and assistance with remediation of any potential findings.
  • Independent audits of already certified entities for added assurance.

We also provide audit and assurance services pertaining to third party assessments such as SIG Lite and SIG Core.

Let's start with a Gap Analysis

Before considering any kind of audit or assurance, you need to know where you stand. A gap analysis is usually the place to start, with a current-state review across people, process, technology and vendors. We deliver a concise heatmap, risk-ranked findings, and a practical 30/60/90-day remediation roadmap with quick wins, costed initiatives, ownership, and templates (policies, standards, playbooks) to accelerate execution.

Even if you have no information security framework and are looking for a place to start, a gap analysis provides the strategic guidance needed to reduce cost, improve implementation efficiency and carefully consider resourcing requirements.

Not sure where to start

We pair the gap analysis with simple policies, a starter risk register, and ongoing coaching to build momentum and confidence without overwhelming your resources.

Would you like to know more about our Cyber Resilience services and capabilities?