Australian ISM and IRAP compliance software

SecBoost turns assessment scope, evidence and documentation into a working compliance system.

Prepare Essential Eight reports, generate ISM-aligned documentation, and bring assessors into the workflow when the engagement needs it.

Talk to SecBoost Compare tiers

SecBoost dashboard — Control progress, documentation, evidence and assessment activity in one workspace.

Who it is for

Choose the workflow that matches the assessment.

Different teams come to SecBoost for different reasons. Some need a report and a document pack. Others need an assessor workspace, or a way to run assurance across multiple customers and systems.

Starter

Small business and Essential Eight starters

For small teams that need to produce an Essential Eight compliance report and build the documentation they do not yet have.

Starter or Standard

Defence and regulated suppliers

For SaaS vendors, cloud providers and defence contractors responding to procurement, DISP or customer assurance requirements.

Standard or Enterprise

Assessors and consultants

For IRAP assessors and consultants who want clients to manage scope, evidence and assessment records in one place.

Enterprise

MSPs and security providers

For teams running multiple customer projects with analysts, auditors, task ownership and repeatable delivery workflows.

Enterprise

Government and enterprise

For agencies and larger organisations managing multiple assessed systems, separate projects and internal assurance teams.

Product

The same control record supports scope, evidence, documents and assessment.

SecBoost is built around Australian security assurance work: ISM controls, Essential Eight maturity, SSP Annex records, generated documentation, evidence and assessor review.

Define the assessment scope

Create a project from the wizard, an SSP Annex or a CCM import. Set classification, ISM version and system context, then tailor control applicability and responsibilities.

Generate the documentation suite

Create 20+ ISM-aligned policies, plans, standards, registers and reports from the same system profile and control records.

Track Essential Eight maturity

Record control implementation, maturity progress, blockers, alternate controls, no-visibility gaps and residual risk for Maturity Level 1, 2 or 3.

Attach evidence to controls

Upload screenshots, PDFs, exports and supporting records directly against the control implementation and assessment record.

Bring assessors into the workflow

Standard and Enterprise let assessors work inside SecBoost: review evidence, record assessment outcomes, return controls to editing when more information is needed, and finish with OSCAL and completed CCM outputs.

Use context-aware implementation guidance

Structured context questions power AI implementation suggestions aligned to your actual system profile and the relevant ISM control.

Current support for practical assessment outputs.

SecBoost keeps pace with the practical outputs teams need for Essential Eight, ISM documentation, evidence management and assessment preparation.

New in Apr 2026

Essential Eight reporting pack

Generate target progress and portfolio executive reports covering maturity achievement, blockers, alternate controls, no-visibility gaps and residual risk.

New in Mar 2026

March 2026 ISM coverage

Use the March 2026 ISM release across project setup, SSP Annex, generated matrices and generated documentation.

New in Mar 2026

Evidence attachments

Attach implementation evidence directly to controls with drag-and-drop upload and virus scanning during processing.

New in Feb 2026

OSCAL export

Export OSCAL 1.1.2 System Security Plan and Assessment Results JSON for use in OSCAL-aware tooling.

Pricing

Choose based on who needs to work in the assessment.

Starter covers documentation and Essential Eight reporting. Standard adds assessor collaboration. Enterprise adds Teams, tasks and multiple organisations.

Starter

$7k/year + GST

Best for SMBs and small teams starting Essential Eight or ISM documentation work.

✓ One organisation and one assessed system
✓ Multiple projects for that assessed system
✓ 20+ plans, policies, standards and reports
✓ Full ISM support, updated for March 2026
✓ Wizard-based project creation
✓ SSP Annex and Control Matrix Excel import
✓ Essential Eight dashboard, index and report
✓ Evidence attachments for controls
✓ Contacts and stakeholder records
✓ Asset library for logos, diagrams and contact lists
✓ Passkey and TOTP MFA
✓ Five users and 5 GB storage
✓ Business hours email support
✓ One hour onboarding and training
✓ SecBoost-hosted single-tenant AWS Australia PROTECTED deployment

Standard

$12k/year + GST

Enterprise

Best for multiple organisations, multiple systems, delivery teams and portfolio assurance.

✓ Everything in Standard
✓ Multiple organisations, assessed systems and projects
✓ Teams and task assignment
✓ Task reminders, escalation and reporting
✓ Custom workflow gates
✓ Portfolio assessment workflow with completed CCM and OSCAL exports
✓ SSO with just-in-time provisioning
✓ Custom domain
✓ On-premises deployment option
✓ SECRET and TOP SECRET classification support
✓ Unlimited users
✓ Configurable storage
✓ Extended support, custom training and quarterly reviews

Contact

Talk to us about your assessment workflow

Tell us about your organisation, system count, target maturity level, assessment timing and whether an assessor needs to work inside SecBoost.

We work with Australian organisations preparing Essential Eight reports, ISM document packs and IRAP assessments.