SecBoost

Streamlining Your Security Documentation

SecBoost helps Australian organisations meet the requirements of the Information Security Manual (ISM) by streamlining the creation, maintenance and compliance of policy, plan and procedure documents.

Designed to support PROTECTED-level IRAP assessments, SecBoost reduces the manual workload involved in interpreting controls, mapping them to business operations, and generating tailored, cross-referenced documentation.

By automating key compliance workflows — including the development of your System Security Plan Annex, policy generation and control tracking — SecBoost enables organisations to meet ISM obligations with minimal overhead.

The SecBoost dashboard helps you track ISM controls, evidence and documentation in one place.
  • ISM controls: 1028 (ISM 2025 Controls)
  • Documentation suite: 10–20 tailored plans, policies & standards
  • Outcome: Faster audits and assessor workflows
  • Estimated savings: $38k annual cost savings

Features

Choose your compliance scope

Start with your classification level and ISM version. Use our New Project Wizard to initialise your System Security Plan (SSP) Annex and Control Matrix. Further tailor this to select which controls apply to your business. Record your implementation of those controls within the system.

Create your policies, plans & procedures

SecBoost auto-generates 10–20 aligned documents, customised with your branding. Each is pre-filled and control-mapped to the ISM. Optionally, include live details about control implementation and assessments inside your documentation suite.

Collaborate with IRAP assessors

Assign implementation evidence to controls. Export a complete, assessor-friendly document pack. Track IRAP assessor feedback directly in the SecBoost platform and within your documentation suite.

Essential Eight compliance tracking

The Essential Eight is a baseline of eight mitigation strategies. ASD publishes the Essential Eight maturity model, including a mapping between Essential Eight maturity requirements and ISM controls.

SecBoost helps you track maturity progress, capture evidence, and keep your documentation aligned with your selected ISM version — so the same work supports both operational uplift and compliance reporting.

DISP Cyber Security

Defence states that all Defence Industry Security Program (DISP) members are required to achieve and maintain compliance with the full Essential Eight at Maturity Level 2 (ML2).

DISP members complete the Essential Eight Cyber Security Questionnaire (CSQ) as part of the Annual Security Report (ASR) in the DISP Member Portal, and the CSQ is aligned with Essential Eight Maturity Level 2.

SecBoost helps you answer these questions, guides your security uplift, and gives you a single place to track Essential Eight maturity, implementation evidence, and the supporting documentation needed for ongoing assurance. Learn more on Defence’s DISP Cyber Assurance page.

Registers & contacts

Keep the supporting records up to date alongside your controls and documentation suite.

Registers

Keep asset, evidence, training and change registers current, with clean export when you need it.

Contacts

Maintain stakeholder and assessor contacts alongside your system scope and documentation.

Pricing Plans

First Year Introductory Discount

$9999 + GST

Full access to the SecBoost service at a discounted rate for your first year. Save $5000 from the Standard Annual package.

Contact us to get started

Standard Annual SecBoost Platform

$14999/year + GST

Continue using the SecBoost service for a single system at the standard package pricing.


Enterprise Customers

$PoA

Want to use SecBoost to track your IRAP compliance progress and generate tailored documentation across multiple systems? Get in touch for volume pricing.


Start Today

Ready to simplify your security documentation?

Get started

Common Queries

How does SecBoost automate tasks?

SecBoost maps ISM controls to your chosen scope, generates tailored documentation, and keeps everything aligned with your SSP and the ISM — all with minimal manual effort.

When it comes time to be IRAP assessed, SecBoost provides a single source of truth for the auditor. SecBoost allows the assessor to drill into how each control is implemented within your system, and track their assessment (and any remediation required) directly within the platform.

What is a System Security Plan (SSP)?

This is the formal, detailed document that provides a complete overview of the cloud service. It describes the system's purpose, architecture, data flows, security authorisations, interconnections, and the operational environment. It is the primary document an IRAP Assessor uses to understand what they are assessing.

Our platform assists in the creation of your SSP and SSP Annex, tracking your compliance journey in a single, easy-to-manage platform.

What is the System Security Plan Annex?

Similar to a Statement of Applicability (SoA), the System Security Plan (SSP) Annex is the official spreadsheet you complete to start your IRAP assessment. Its purpose is to define the assessment boundary — the clear scope of what an assessor will review, based on the Information Security Manual (ISM).

The template consists of 1 row per ISM control and includes space to:

  • Nominate who is responsible for implementing that control
  • State the effectiveness of your implementation
  • Describe your implementation

SecBoost supports the import/export of the SSP Annex spreadsheet template provided by the Australian Cyber Security Centre (ACSC).

Who benefits from using SecBoost?

SecBoost is designed for Australian organisations preparing for IRAP assessments, especially those needing to generate ISM-aligned policies and plans quickly and accurately.

How does collaboration work?

You can assign roles, share access with IRAP assessors, and track comments or evidence for each control within your business unit.

Is documentation always up-to-date?

Yes — SecBoost tracks ISM version changes and lets you regenerate documents instantly based on your current System Security Plan, ISM version, and classification level.

Who is SecBoost?

Founded in Melbourne in 2025, SecBoost is the brainchild of 2 developers with almost 50 years of combined, real industry experience securing documents for Australian government customers. We're an Australian sovereign (owned and operated) company doing our best to help businesses secure their systems and get them ready to sell their services to our government.

Documentation Suite

The SecBoost system will generate the following ISM compliant documents matching your tailored control applicability and implementations, ISM version, and classification level.

  • Documentation suite list: A single, tailored documentation suite mapped to your selected ISM controls.
  • Generated Risk Management Plan (PDF): Export-ready PDFs (example: Risk Management Plan).
  • Generated Risk Management Plan content (PDF): Detailed, control-aligned content that stays in sync.

Policies

  • Access Control Policy
  • Asset Management Policy
  • Backup & Recovery Policy
  • Change Management Policy & Procedure
  • Cloud Security Policy
  • Cryptographic Controls Policy
  • Data Classification and Handling Policy
  • Email and Communications Policy
  • Endpoint Protection Policy
  • Information Security Policy
  • Interconnection Security Policy
  • Logging & Monitoring Policy
  • Physical Security Policy
  • Secure Development Policy
  • Supplier Security Management Policy

Plans

  • Business Continuity Plan (BCP)
  • Disaster Recovery Plan (DRP)
  • Incident Response Plan
  • Risk Management Plan
  • Security Awareness and Training Plan
  • Security Review & Audit Plan
  • System Security Plan (SSP)

Standards

  • Environment Management Standard
  • Network Security Standard
  • Platform Security Standard
  • System Hardening Standard
  • Vulnerability and Patch Management Standard

Registers & Matrices

Managed and filled in within the SecBoost system, with full auditing and optional export to Excel xlsx files.

  • Access Control Register
  • Change Management Register
  • Cloud Service Inventory
  • Crypto Key Inventory & Certificate Register
  • Data Retention Schedule
  • Evidence Register
  • Hardware Asset Register
  • Incident Register
  • Interconnection Register
  • Review/Audit Log
  • Software Asset Register
  • Supplier Risk Assessment
  • Training Register
  • Vulnerability Management Register
  • System Security Plan Annex
  • Cloud Control Matrix (exportable in xlsx format)

Get in touch

Tell us about your system, timeline, and assessment scope. We’ll get back to you shortly.

We work with Australian organisations preparing for IRAP assessments and teams looking to reduce the effort involved in producing ISM-aligned documentation.