The ACSC's Essential Eight is the de-facto Australian security baseline. It's assessed as a package across all eight strategies, and your weakest one caps your maturity rating. We measure where you actually sit - implementation and effectiveness, not a paper survey - against your target level, and give you the roadmap to close the gap.
Ready to scope Essential 8 Gap Analysis for your business?
Every inclusion below is documented, delivered, and renewable under our standard agreement. No surprise scope. No silent exclusions.
Every strategy assessed - patch applications, patch operating systems, MFA, restrict admin privileges, application control, restrict Office macros, user application hardening, regular backups - against the current November 2023 model.
Scored to your target Maturity Level. Most SMBs aim for ML1 as a baseline; firms with government or enterprise contracts typically need ML2. We score honestly - the lowest strategy caps the rating.
We assess implementation and effectiveness, structured to match the ACSC Essential Eight Assessment Process Guide - reviewing live configuration, not sighting a policy document and calling it done.
The gap to your target level per strategy, with remediation ranked by effort and risk reduction, and the quick wins flagged.
Evidence structured the way an insurer's questionnaire or a prime contractor's supply-chain check expects it. You keep the report and the raw data.
Knowing where a service stops matters as much as knowing what it covers. Here’s what sits outside this engagement - so there are no awkward surprises later.
The Essential Eight is mandated for Australian government entities, not private businesses. We won't tell you it's the law for an SMB. For you the pressure is real but commercial - contracts, supply chains, and cyber insurance - and we'll be straight about which applies.
The assessment measures and maps the gap. Closing it to your target maturity is the Compliance Foundation Programme - a separate engagement you can action yourself or with us.
We assess and assemble evidence to the standard an assessor expects. A formal independent attestation, where a contract requires one, comes from an accredited assessor - which we'll scope and coordinate.
Every engagement runs the same four steps. You always know which one we’re in and what comes next.
We map your current state and agree exactly what's in and out, in writing, before any work or invoice. No surprise scope, no silent exclusions.
A documented plan with milestones, owners, and success criteria you can hold us to - so you know what good looks like before we start.
We do the work with change control and your sign-off at each gate. You see progress against the plan, not a black box.
Ongoing management, published performance, and a quarterly review that keeps the work honest and the roadmap current.
Auditors and insurers increasingly want both CIS Controls v8 and the Essential Eight. They overlap, but they aren't the same shape. Here's the control-by-control mapping we use - and the four CIS controls the Essential Eight quietly leaves you exposed on.
Read articleCompliance · 6 min readThe Essential Eight has three maturity levels. Most SMBs reach for ML2 or ML3 because the number looks better. Here's why ML1, done honestly, beats ML2 done badly - and what the gap actually costs.
Read articleSecurity · 9 min readEvery MDR vendor's site says the same things. Here's how to actually tell them apart: the difference between an alert and a response, who's watching at 2am, and the questions that separate real 24/7 detection from a dashboard you'll never open.
Read articleRoadmap, remediation, and ongoing attestation against the CIS Critical Security Controls and the Australian Essential Eight. Frameworks that actually get implemented, not just referenced.
Learn moreVulnerability scans, Microsoft 365 audits, security posture reviews, and dark web exposure checks. Know where you stand before an attacker does - with a remediation plan you can actually act on.
Learn moreWhere you stand against the CIS Critical Security Controls v8.1 - all 18 controls, scored to your target Implementation Group - with a prioritised roadmap to close the gaps. The broad, internationally-recognised baseline that maps to NIST and ISO.
Learn moreTell us what your current setup looks like. We’ll send back a quote, a transition plan, and a firm date you’d be onboarded - within 48 hours.
