Compliance
They're going to ask about your security. Let's make sure you like the answer.
Most businesses need two or three frameworks, not all of them. These pages translate common security and privacy frameworks into practical business language so you can see what the framework expects, why it matters commercially, and where most organisations need operational support.
CIS Critical Security Controls v8
CIS Critical Security Controls
A prioritised set of defensive actions that provide a practical, actionable framework for improving organisational cyber defence.
Information Privacy Principle 12 — Disclosure of Personal Information Outside New Zealand
IPP 12 — Cross-Border Disclosure
Rules for disclosing personal information to overseas recipients, including the Section 11 agent exception for cloud services.
Information Privacy Principle 3A — Notification of Indirect Collection of Personal Information
IPP 3A — Indirect Collection Notification
New Privacy Act amendment (May 2026) requiring NZ organisations to notify individuals when personal information is collected from third-party sources.
ISO/IEC 27001:2022 Information Security Management System
ISO/IEC 27001
The international gold standard for information security management, providing a structured framework for protecting organisational information assets.
NIST Cybersecurity Framework (CSF) 2.0
NIST Cybersecurity Framework
A globally recognised cybersecurity framework that provides a common language and structured approach to managing cyber risk across organisations of all sizes.
New Zealand Information Security Manual (NZISM)
The New Zealand Government's information security manual, commonly referenced by agencies and suppliers that need to show alignment with government security expectations.
New Zealand Privacy Act 2020
NZ's primary data protection legislation governing how all organisations collect, use, store, and disclose personal information.
Tell us what the business is being asked to prove.
We can help you separate mandatory obligations from customer expectations and work out which evidence, documents, and answers you need first.