Section 1 of 9
Cybersecurity check

Governance & Risk

Policy, risk management, accountability and supplier assurance.

Answer as things really are — there are no wrong answers, and your result is only as useful as it is honest.

Do you have documented, approved information security policies that are reviewed on a regular cycle?

PSR, ISO 27001, NZISM

Do you maintain a security risk register where risks are assessed, treated and reviewed?

PSR, ISO 27001, NZISM

Are security roles and responsibilities (e.g. a security lead / CISO) formally assigned?

PSR, ISO 27001

Do you assess the security of third-party suppliers and cloud services before and during use?

ISO 27001, NZISM, PSR

Do you maintain an up-to-date inventory of information assets together with their classification?

NZISM, ISO 27001, HISF

If you build or customise software, is a secure development lifecycle applied (code review, dependency/SCA scanning, secrets management, separated environments)?

ISO 27001, NZISM
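The secure development lifecycle question above names concrete controls (dependency/SCA scanning, secrets management) without showing what the smallest version of such a check looks like. The following is an added illustration, not part of the questionnaire or of any product it refers to: a minimal pre-commit style gate in Python that parses a constructed requirements file, flags dependencies that are not pinned, flags pins below the first fixed version in a constructed advisory table, and scans constructed source text for hard-coded secrets. The package names, the advisory entry, the sample source and the regex patterns are all assumptions made for the example; the AWS-style key is the well-known documentation placeholder, not a live credential.

```python
import re

# Constructed sample requirements file; the package names are fictional.
SAMPLE_REQUIREMENTS = """\
fastparse==1.2.0
yamlkit>=0.9
tlswrap==3.4.1
# comment lines and blanks are ignored
"""

# Constructed, hypothetical advisory table: package -> (first fixed version, advisory id).
ADVISORIES = {
    "tlswrap": ("3.4.2", "ADV-EXAMPLE-0001"),
}

# One requirement per line: name, optional operator, optional version.
REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9A-Za-z.]*)?\s*$"
)


def parse_version(v):
    """Numeric dotted versions only; non-numeric parts compare as 0 (assumption for the example)."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def parse_requirements(text):
    """Return a list of (name, operator, version) tuples; names are lower-cased."""
    reqs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"unparsed requirement: {line!r}")
        name, op, ver = m.groups()
        reqs.append((name.lower(), op, ver))
    return reqs


def check_pins(text):
    """Names of dependencies that are not pinned to an exact version."""
    return [name for name, op, _ in parse_requirements(text) if op != "=="]


def check_advisories(text, advisories=ADVISORIES):
    """(name, version, advisory id) for every exact pin below the advisory's fixed version."""
    hits = []
    for name, op, ver in parse_requirements(text):
        if op != "==" or name not in advisories:
            continue
        fixed, adv_id = advisories[name]
        if parse_version(ver) < parse_version(fixed):
            hits.append((name, ver, adv_id))
    return hits


# Assumed detection patterns; a real scanner would carry many more.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_password": re.compile(r"(?i)password\s*=\s*['\"][^'\"]{6,}['\"]"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed sample source: one documentation placeholder key, one literal password,
# and one password correctly read from the environment (should not be flagged).
SAMPLE_SOURCE = """\
import os
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
db_password = os.environ["DB_PASSWORD"]
legacy_password = "hunter2hunter2"
"""


def scan_secrets(text):
    """(line number, pattern label) for every line matching a secret pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                findings.append((lineno, label))
    return findings


def gate(requirements, source):
    """Run all three checks; an empty list means the commit passes the gate."""
    problems = []
    for name in check_pins(requirements):
        problems.append(f"unpinned dependency: {name}")
    for name, ver, adv in check_advisories(requirements):
        problems.append(f"vulnerable pin: {name}=={ver} ({adv})")
    for lineno, label in scan_secrets(source):
        problems.append(f"possible secret at line {lineno}: {label}")
    return problems


if __name__ == "__main__":
    for problem in gate(SAMPLE_REQUIREMENTS, SAMPLE_SOURCE):
        print(problem)
```

The point of the example is the shape of the control rather than the patterns: each check produces structured findings that a CI job or pre-commit hook can fail on, the advisory data is separate from the code so it can be refreshed, and secrets read from the environment pass while literals do not. In practice the advisory table would come from a maintained vulnerability feed and the secret patterns from a dedicated scanner.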

Do you govern staff use of public AI tools and unsanctioned SaaS (shadow IT), with guidance on what data may be shared?

ISO 27001, PSR