SecBoost

Defence and regulated suppliers

For suppliers that need to prove security maturity to customers, procurement teams or assessors.

SecBoost gives SaaS vendors, cloud providers and defence contractors a structured way to prepare Essential Eight reports, ISM documentation and IRAP assessment records.

Essential Eight maturity tracking

Customer assurance

Keep reports, implementation detail and supporting evidence ready when a government or regulated customer asks for it.

DISP and Essential Eight

Track target maturity, control gaps and evidence in a format that supports governance and uplift conversations.

Pathway to IRAP

Move from reporting and documentation into assessor collaboration when the engagement requires it, without sending confidential evidence through email threads.

Why and how

Defence and regulated suppliers need proof, not just policy intent.

SecBoost gives suppliers a place to organise the evidence, reports and documentation needed for DISP, customer assurance and later IRAP work.

DISP pressure is real

Defence suppliers need clear progress towards Essential Eight ML2 and evidence that can withstand review.

Customer assurance

Government and regulated customers increasingly ask for maturity, evidence and documentation before deeper assessment work begins.

Reusable assessment material

The same project record can support customer questions, governance updates, E8 reporting and IRAP preparation.

Secure Australian hosting

SecBoost-hosted single-tenant environments run inside SecBoost AWS Australia PROTECTED tenancy for teams handling sensitive assessment material.

How it works

A workflow from source material to usable outputs.

01

Start with the required maturity target

For DISP, that usually means organising work around the full Essential Eight at Maturity Level 2.

02

Capture system and business context

Record the corporate systems, stakeholders, assets and data flows used to correspond with Defence or regulated customers.

03

Attach evidence and record gaps

Keep evidence, blockers, alternate controls and maturity gaps close to the control record.

04

Return controls for more information

In Standard, assessors can move a control back to editing when they need clarification, keeping the request and response inside SecBoost.

05

Finalise the assessment package

SecBoost produces the artefacts needed for governance, customer assurance and assessment review.

Completed CCM (Cloud Controls Matrix)
OSCAL System Security Plan and Assessment Results exports
Completed Documentation Suite
Up-to-date, living registers
Essential Eight progress report
Report maturity, gaps and residual risk for customer and governance conversations.
Control evidence attachments
Attach DISP and customer assurance evidence directly to controls.

Starter or Standard depends on assessor involvement.

Use Starter when the job is managing stakeholder contacts, reports and a documentation suite. Use Standard when an assessor, consultant or internal reviewer needs to log in, complete assessment steps and finalise OSCAL and CCM outputs.

Starter

$7k/year + GST

Best for SMBs and small teams starting Essential Eight or ISM documentation work.

  • One organisation and one assessed system
  • Multiple projects for that assessed system
  • 20+ plans, policies, standards and reports
  • Full ISM support, updated for March 2026
  • Wizard-based project creation
  • SSP Annex and Control Matrix Excel import
  • Essential Eight dashboard, index and report
  • Evidence attachments for controls
  • Contacts and stakeholder records
  • Asset library for logos, diagrams and contact lists
  • Passkey and TOTP MFA
  • Five users and 5 GB storage
  • Business hours email support
  • One hour onboarding and training
  • SecBoost-hosted single-tenant AWS Australia PROTECTED deployment
Contact us

Standard

$12k/year + GST

Ideal for this use case

Best when an assessor needs to log in and perform assessment work inside SecBoost.

  • Everything in Starter
  • Assessor-managed control workflow with assessment steps
  • Assessors can perform assessment work inside SecBoost
  • Assessors can return controls to editing when more information is needed
  • Customisable roles and permissions
  • 10+ registers including hardware, training and evidence
  • Completed CCM and OSCAL SSP and Assessment Results exports
  • Up to two assessed systems, each with multiple projects
  • 20 users and 20 GB storage
  • AI-generated implementation suggestions
  • Optional Jira integration
  • Business hours priority phone support
  • SecBoost-hosted single-tenant AWS Australia PROTECTED deployment
Contact us

Enterprise

Contact us

Best for multiple organisations, multiple systems, delivery teams and portfolio assurance.

  • Everything in Standard
  • Multiple organisations, assessed systems and projects
  • Teams and task assignment
  • Task reminders, escalation and reporting
  • Custom workflow gates
  • Portfolio assessment workflow with completed CCM and OSCAL exports
  • SSO with just-in-time provisioning
  • Custom domain
  • On-premises deployment option
  • SECRET and TOP SECRET classification support
  • Unlimited users
  • Configurable storage
  • Extended support, custom training and quarterly reviews
Contact us

FAQ

Defence supplier questions

Common questions from suppliers preparing Essential Eight, DISP and customer assurance material.

How does SecBoost help Defence suppliers with DISP cyber assurance?

SecBoost helps suppliers organise Essential Eight maturity work, implementation evidence, blockers, residual risk and supporting ISM documentation so they can respond to Defence, customer and assessor assurance requests more consistently.

Is Starter enough for a Defence supplier?

Starter can suit suppliers that need reports, stakeholder contacts, evidence records and a documentation suite. Standard is a better fit when an assessor, consultant or internal reviewer needs to work inside SecBoost and produce final OSCAL and completed CCM outputs.

Can SecBoost support a pathway from Essential Eight to IRAP?

Yes. Teams can start with Essential Eight and supporting documentation, then move into assessor collaboration, control evidence review and assessment workflow when the engagement requires it.

Can suppliers keep customer assurance evidence in SecBoost?

Yes. Evidence can be attached directly to the relevant control so reports, maturity claims and customer assurance conversations remain traceable to supporting records.