Standards, Regulations and Frameworks

Find out which standard is the best for your business and how you can find out how well you are doing against each.

Which standard should we align to?

It is important to keep in mind that the standard you select be best suited for both your internal needs and also the needs of your clients and regulators who may require you to meet a certain standard.  

For businesses with immature or unknown capability i.e this is the first time you are assessing your business we recommend starting with a Health Check or SMB 1001.  It is the shortest assessment and focusses on assessing key controls across all 16 practice areas.  

If you do well in the Health Check then you can move on to one of the standards such as ISO 27001 or NIST CSF (if you have a business account) to complete a more in-depth assessment of how mature your controls are across each practice area while also finding out how mature your controls are against the in-scope standards requirements.

Privacy Reasonable Steps

The Privacy Reasonable Steps are set out in the Guide to Securing Personal Information which provides organisations with reasonable steps entities they are required to take under the Australian Privacy Act.


SOC2 are the Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy used by auditors to evaluate the controls within an organisation's cyber risk management program.

ISO 27001

ISO 27001 sets out requirements for an information security management system (ISMS) that helps organisations maintain a governance program and set up a core set of business process, people and technology controls.


SMB1001 is a multi-tiered cyber security standard for small and medium businesses that allows all organisations to start and monitor their journey towards resilience against evolving cyber threats.

Health Check

The Assuredly Health Check consists of 25 key controls from across all information security practice areas that give organisations a view of how well they are managing the fundamentals in their business.

Essential Eight

The Essential Eight is set of mitigation strategies designed to help organisations protect themselves against cyber security incidents. Designed specifically for use on Windows networks.


NIST Cybersecurity Framework are standards, guidelines, and best practices to help industry, government, and organisations reduce cybersecurity risks.