Good Security

Service

Security Baseline Assessment

See where the business is exposed, what matters first, and what should be fixed before the next review, buyer question, or renewal lands.

Usually starts in Baseline

The pressure

You need one clear picture of where the business is exposed before customers, insurers, or leadership push harder.

The business gets a defensible baseline, a prioritised roadmap, and named owners instead of scattered concerns.

When a buyer, insurer, or leader asks how secure the business really is, guessing gets expensive quickly. This assessment shows where the exposure sits today, what is already working, and which gaps are most likely to create friction or cost next.

Good Security reviews the current state across people, process, and technology, then leaves the business with a scored baseline, a risk-ranked roadmap, and a board-ready summary that makes the next decision easier.

What you leave with

What you walk away with.

These are the deliverables and working records the team should be able to use once the work is complete.

Security Maturity Scorecard

A scored evaluation across 12 security domains with clear maturity ratings from 1 (Initial) to 5 (Optimised), benchmarked against NZ industry peers.

Gap Analysis Report

Detailed findings for each domain identifying specific control gaps, with evidence-based severity ratings and business impact context.

Prioritised Improvement Roadmap

A 12-month action plan with quick wins, medium-term projects, and strategic initiatives ranked by risk reduction and implementation effort.

Executive Summary

A board-ready two-page summary with key findings, risk position rating, and top five recommended actions.

Evidence & Working Papers

Complete documentation of assessment methodology, interview notes, and evidence collected during the engagement.

What that looks like in practice

The output is a board-ready baseline report with the current maturity picture, the biggest exposure areas, and a sequenced roadmap that shows what should be fixed first, what can wait, and who needs to own each step.

Sample output

Security Baseline Assessment Sample

Fictional example shown for illustration only.

What should be easier after this lands

What should be easier after this.

These are the outcomes owners, managers, or leaders should notice after the deliverable starts being used.

  • Leadership gets a plain-English view of the current position instead of conflicting opinions.
  • The next wave of work is prioritised by business risk and effort, not by whichever issue shouted loudest first.
  • Security spend is easier to defend because it is tied to named gaps and a sequenced plan.
  • Future reporting has a baseline to measure against instead of starting from scratch every quarter.

What this service is designed to do

  • baseline assessment
  • prioritised roadmap
  • named ownership and next actions

How the work moves

How the work gets done.

You should know what happens first, what gets reviewed, and what lands with the business at the end.

1. Set the scope

We confirm which systems, teams, and locations matter most so the assessment reflects the real business boundary.

2. Review the current state

Good Security reviews evidence, interviews key people, and checks how security actually operates day to day.

3. Rank the gaps

The findings are sorted into what needs attention now, what can be staged, and what is already good enough for the current risk level.

4. Walk through the plan

You get the written assessment, the improvement roadmap, and a practical discussion about what should happen next.

FAQ

Common questions.

These answers are here to make the next decision easier, not to hide the real scope.

When does Security Baseline Assessment make sense?

You need one clear picture of where the business is exposed before customers, insurers, or leadership push harder. Use this when the business needs a credible first answer before layering reporting, compliance, or governance work on top.

What changes after Security Baseline Assessment is delivered?

The business gets a defensible baseline, a prioritised roadmap, and named owners instead of scattered concerns.

Need to turn this into a practical next step?

We will help you decide whether this is the right engagement, what the business should expect to receive, and where it fits in the wider programme.