Australia + New Zealand · ISO 27001 · Essential Eight
The security policies your business is supposed to have, written for your country.
Most businesses know they should have one. Most don't.
One library for Australian law, one for New Zealand — the controls rhyme, the wording doesn't, so we kept them separate.
Pick your path
Two countries, two rulebooks.
The controls rhyme, but the law and the guidance do not. Start on the library that matches where your business is registered.
Aligned to ISO 27001 Annex A and the ACSC Essential Eight, with privacy templates built on the Australian Privacy Principles and the Notifiable Data Breaches scheme.
Aligned to the NZISM and NCSC guidance including the Critical Controls, with privacy templates built on the Privacy Act 2020 and the Office of the Privacy Commissioner notification rules.
The map
See both libraries before you download a thing.
Switch countries and the whole map re-colours. Similar topic areas on each side, different guides underneath, because the obligations underneath are different.
How the library works
From blank page to signed policy in an afternoon.
Pick the guides you need
Start with the five that most audits ask for first, or take the full set. Every guide names the framework clause it satisfies.
Fill the yellow fields
Company name, roles, review dates. The wording is drafted, the decisions are marked, so you are editing, not writing from scratch.
Approve, publish, review
Each template carries an approval block and a review cycle, so the policy stays current instead of ageing in a shared drive.
Start with the five policies every auditor asks for.
Five templates, in your country's wording, ready to send the next time someone asks to see your policy.