Resources
The kind of work you'd actually show a board
These examples show the finish, structure, and decision-ready clarity behind our client work, from assessment outputs and leadership reporting to the supporting reference material that makes the same standard tangible.
Start here
See the standard of work before you book a call
This page is here to prove the finish, structure, and practical quality of the work, not to make you browse a generic download library
Fictional example shown for illustration only. Reference guides, templates, and checklists below are real downloadable resources.
Where your business actually stands
A fictional baseline report showing scope, domain scoring, risk position, and a prioritised action roadmap.
What you will see
- Executive summary and overall security score
- Domain-by-domain scoring with priority gaps
- Roadmap actions with clear owners and outcomes
The 90-day update leadership wants
A board-ready quarterly pack with security trends, key risks, decisions, and next-quarter priorities.
What you will see
- Quarterly security snapshot for leadership
- Top risks, movement, and board-ready context
- Next-quarter priorities in one compact view
What you send when privacy gets challenged
A fictional privacy impact assessment covering project context, information flows, IPP analysis, and treatment actions.
What you will see
- Project and data-flow context up front
- IPP analysis and privacy risk treatment
- Client-ready sign-off and action structure
Questionnaire Response Pack
A standard response pack showing how Good Security answers practical vendor, insurer, and customer due-diligence questions with evidence-backed responses.
What you will see
- Customer security questionnaire structure aligned to common buyer and insurer question areas for standard reviews
- Full answered response coverage with evidence references
- Manual-review items called out instead of hidden
What goes back when the questionnaire's brutal
A fuller due-diligence pack for enterprise procurement, regulated buyers, and more detailed security reviews.
What you will see
- Covers nine common areas buyers and auditors ask about — access control, data handling, incident response, and more
- Implementation notes, evidence appendix, and unresolved follow-up items
- The kind of response pack that closes deals with demanding buyers
Every customer demand, with owners
A fictional register showing customer obligations, mapped controls, evidence status, remediation, and review cadence.
What you will see
- Consolidated customer obligations in one working view
- Coverage, gaps, and improvement status in plain language
- Review-ready structure for ongoing customer scrutiny
Practical guides and templates
Use these as a starting point, then adapt them to the pressure the business is actually under
These downloads are useful when you want a cleaner first draft, not a complete answer without context
Board Security Reporting Template
A structured quarterly cybersecurity report template for NZ boards and executive leadership — covering security scorecard, key metrics, incidents, compliance status, risk register, roadmap, and budget.
- Board-ready reporting structure for security status, incidents, and priorities
- Clear sections for scorecard, metrics, risks, and roadmap
Cyber Insurance Readiness Checklist
30 controls NZ insurers commonly require or assess at underwriting. Work through this checklist before applying for or renewing cyber insurance so you have the evidence insurers ask for ready in one place.
- The controls insurers are likely to ask about up front
- A practical way to spot renewal blockers before underwriting
Incident Response Plan Template
A complete incident response plan template for NZ small businesses, covering detection through post-incident review. Aligned to CERT NZ guidance and Privacy Act 2020 notification obligations.
- A usable response structure from detection through review
- Clear sections for notification, containment, and communications
NZ Business Security Checklist
20 essential security controls every New Zealand business should have in place. Work through each item to understand your current exposure and prioritise improvements.
- A straightforward view of essential security controls
- A simple way to identify obvious exposure and next steps
Privacy Act 2020 Compliance Guide
A plain-English guide to NZ Privacy Act 2020 obligations for small businesses — covering the 13 Information Privacy Principles, IPP 3A indirect collection notification (May 2026), IPP 12 cross-border disclosure, and breach notification obligations.
- A plain-English summary of the Privacy Act 2020 obligations
- Guidance on IPPs, breach notification, and cross-border issues
Next Step
Need these adapted to your environment instead of starting from a generic template?
That is where the real work starts. We can take the sample standard, adapt it to your environment, and deliver the real version for your business