SecBoost

Product

A practical workspace for ISM, Essential Eight and IRAP readiness.

SecBoost keeps assessment scope, control implementation, evidence, generated documents, registers and assessor records aligned.

Control list
Filter, update and review ISM controls from a single working list.

Define the assessment scope

Create a project from the wizard, an SSP Annex or a CCM import. Set classification, ISM version and system context, then tailor control applicability and responsibilities.

Choose your compliance scope

Generate the documentation suite

Create 20+ ISM-aligned policies, plans, standards, registers and reports from the same system profile and control records.

Documentation suite list

Track Essential Eight maturity

Record control implementation, maturity progress, blockers, alternate controls, no-visibility gaps and residual risk for Maturity Level 1, 2 or 3.

Essential Eight maturity tracking

Attach evidence to controls

Upload screenshots, PDFs, exports and supporting records directly against the control implementation and assessment record.

Preview control evidence attachments

Bring assessors into the workflow

Standard and Enterprise let assessors work inside SecBoost: review evidence, record assessment outcomes, return controls to editing when more information is needed, and finish with OSCAL and completed CCM outputs.

Essential Eight assessment workflow

Use context-aware implementation guidance

Structured context questions power AI implementation suggestions aligned to your actual system profile and the relevant ISM control.

AI control implementation suggestion

Documentation Suite

Generated documents stay tied to the control record.

The Documentation Suite uses your system profile, selected ISM version, classification, control applicability and implementation notes to produce assessor-ready material.

Report documents
Reports, matrices and generated documents are available from the same project workspace.

Policies

  • Access Control Policy
  • Artificial Intelligence Security Policy
  • Asset Management Policy
  • Backup and Recovery Policy
  • Change Management Policy and Procedure
  • Cloud Security Policy
  • Cryptographic Controls Policy
  • Data Classification and Handling Policy
  • Email and Communications Policy
  • Endpoint Protection Policy
  • Information Security Policy
  • Interconnection Security Policy
  • Logging and Monitoring Policy
  • Physical Security Policy
  • Secure Development Policy
  • Supplier Security Management Policy

Plans

  • Business Continuity Plan
  • Disaster Recovery Plan
  • Incident Response Plan
  • Risk Management Plan
  • Security Awareness and Training Plan
  • Security Review and Audit Plan
  • System Security Plan

Registers

  • Access Control Register
  • Change Management Register
  • Cloud Service Inventory
  • Crypto Key Inventory and Certificate Register
  • Data Retention Schedule
  • Evidence Register
  • Hardware Asset Register
  • Incident Register
  • Interconnection Register
  • Review and Audit Log
  • Software Asset Register
  • Supplier Risk Assessment
  • Training Register
  • Vulnerability Management Register

Matrices, reports and exports

  • Cloud Controls Matrix
  • SSP Annex: ISM Control Implementation Matrix
  • Essential Eight Compliance Progress Report
  • Essential Eight Portfolio Executive Report
  • Essential Eight Target Progress Report
  • OSCAL Assessment Results export
  • OSCAL System Security Plan export

Registers and contacts

Keep supporting records with the assessment.

Asset, evidence, training, change, supplier, vulnerability and risk records can be maintained alongside the control implementation and exported when needed.

Asset register
Contacts