Frameworks & Standards

Expert Guidance Across Key Security Frameworks

I bring hands-on implementation experience across the frameworks and standards that matter most to Australian and international organisations.

ASD Essential Eight

Australian Signals Directorate Essential Eight Maturity Model

The baseline cyber security framework recommended by the Australian Government. I help organisations assess their current maturity level and build practical roadmaps to achieve their target maturity.

Maturity level assessment (ML1-ML3)
Gap analysis and remediation planning
Application whitelisting strategy
Patch management optimisation
MFA implementation
Backup and recovery validation

ISO 27001

Information Security Management System (ISMS)

The international gold standard for information security management. I guide organisations through the full lifecycle, from initial gap assessment through implementation to certification readiness.

Gap assessment against ISO 27001:2022
ISMS design and implementation
Risk assessment methodology
Statement of Applicability (SoA)
Internal audit preparation
Certification readiness review

NIST CSF

National Institute of Standards and Technology Cybersecurity Framework

A flexible, risk-based framework widely adopted internationally. I use NIST CSF to help organisations structure their security programme around the five core functions: Identify, Protect, Detect, Respond, and Recover.

Current state assessment
Target profile development
Gap analysis and action planning
Risk management integration
Continuous improvement programme
Cross-framework mapping

GDPR

General Data Protection Regulation (EU) 2016/679

The EU's comprehensive data protection regulation with global reach. I help organisations understand their obligations, implement appropriate technical and organisational measures, and demonstrate compliance.

Data protection impact assessments (DPIA)
Privacy by design implementation
Data processing agreements
Breach notification procedures
Records of processing activities
Cross-border data transfer compliance

CPS 234

APRA Prudential Standard CPS 234: Information Security

APRA's mandatory information security standard for regulated financial institutions. I help organisations meet and maintain compliance with CPS 234's requirements around information security capability, policy, and incident management.

Information security capability assessment
Board and senior management roles
Information asset classification
Third-party management controls
Incident notification requirements
Testing and assurance programme

SOCI Act

Security of Critical Infrastructure Act 2018 (Cth)

Australia's legislation protecting critical infrastructure across 11 sectors. I help organisations understand their obligations, implement risk management programmes, and prepare for government-mandated reporting requirements.

Critical infrastructure risk management
Mandatory reporting requirements
System of national significance obligations
Enhanced cyber security obligations
Government assistance measures preparedness
Cross-sector dependency analysis
