EXECUTIVE SUMMARY

Netier Managed Security Services

Compliance & Technical Framework
BOARD APPROVAL PACK
Classification: OFFICIAL  •  26 March 2026
SECTION 2

Framework at a Glance

What

Comprehensive security framework governing managed IT services for ~30 clients across government, defence, critical infrastructure, and private sector verticals.

Aligned Frameworks
ISO 27001:2022
ASD ISM March 2026
Essential Eight ML3
SOCI Act 2018
DISP
IS18:2018
SOC 2
NIST CSF
CIS Controls
APRA CPS 234
PCI DSS v4.0
Privacy Act (AU)
SECTION 3

Document Hierarchy

Master Baseline Framework
Technical Configuration Framework
10 Standard Operating Procedures
5 Technical Baselines (with ISM Control IDs)
Compliance Evidence → Compliance Package
3 Operational Plans (IRP, BCP, DRP)
ConnectWise SLA Workflows
IS18 Compliance Mapping
Tier Compliance Matrix → SDD
SECTION 4

Technical Configuration Summary

TCF Section  Domain                                  Implementing SOP
1.0          Infrastructure & Compute                NET-SOP-INFRA-001
2.0          Identity & Cloud Workspaces             NET-SOP-IDM-001
3.0          Endpoint Protection & Control           NET-SOP-EP-001
4.0          Vulnerability Management                NET-SOP-VULN-001
5.0          Security Awareness & Training           NET-SOP-SAT-001
6.0          Endpoint Management (MDM / UEM)         NET-SOP-MDM-001
7.0          Networking & Perimeter                  NET-SOP-NET-001
8.0          Backup & Disaster Recovery              NET-SOP-BDR-001
9.0          Remote Monitoring & Management (RMM)    NET-SOP-RMM-001
10.0         Knowledge Management & Documentation    NET-SOP-KM-001
SECTION 5

ISM Control Coverage

M365 & Entra ID Security Baseline
NET-BL-M365-001 — 30 controls
ISM-1173 ISM-0974 ISM-1401 ISM-1872 ISM-1682
Endpoint & Server Security Baseline
NET-BL-EP-001 — 25 controls
ISM-1926 ISM-1827 ISM-1620 ISM-1685 ISM-0383
Network Perimeter & Infrastructure Baseline
NET-BL-NET-001 — 22 controls
ISM-1528 ISM-0631 ISM-1192 ISM-1427 ISM-1028
Email Security, Web Posture & Deliverability Baseline
NET-BL-EMAIL-001 — 24 controls
ISM-0264 ISM-0569 ISM-0572 ISM-1589 ISM-0574
Operational Policies & Governing Plans
NET-BL-OPS-001 — 19 controls
ISM-0576 ISM-1784 ISM-0125 ISM-0123 ISM-0140
SECTION 6

Compliance Posture

Security Champions

CyberCred Platform

Deployed at cyber.netier.team for gamified security engagement.

Status: DEPLOYED

Security Awareness

uSecure SAT Platform

Procured and SOP written (NET-SOP-SAT-001). Phishing simulation configuration in progress.

Status: IN PROGRESS

Evidence Inventory

36 Tools Mapped

Technology evidence inventory maps 36 tools to 17 compliance frameworks.

Status: COMPLETE

Remediation Tracker

REM-12 Updated

24 known gaps tracked with cross-references to remediation actions and target dates.

Status: TRACKED
SECTION 7

Production Readiness

Before Review
10C + 10H

10 Critical, 10 High findings

Post Remediation
0C + 0H

All 20 items resolved

Resolved Items (20/20)
MFA lockout risk — two-phase deployment
GUID password — cryptographically secure
Policy count — corrected to 7
WF-009/010/013 — middleware specs
SLA 3.9 — per-priority targets
P1/P2 CVE conflict — clarified
SLA pause — Awaiting statuses
SAT platform — confirmed as uSecure
LAPS rotation — aligned to 14 days
PIR timeline — aligned to 14 cal days
Deprecated Graph cmdlet — updated
User Risk session controls — added
Service account handling — documented
WF-008 datetime — middleware spec
Slack integration — documented
P5 resolution — backstop confirmed
Monitoring tools — aligned to NinjaOne/Sophos MDR
PIR timeline IS18 — aligned
Compliance Readiness Scorecard — created
Template 1 — parameterised

Tool stack verified — all documentation references align with current production tooling.

SECTION 8

Phase 2 Roadmap

IS18 Evidence Artefacts
QGISCF-to-M365 Sensitivity Label Mapping
QGCISO Notification Playbook
Physical Security Assessment Template
Access Review Evidence Pack
Queensland IPP vs Commonwealth APP Comparison
Cryptographic Standards Reference
Information Transfer Policy
CW Manage Automation
Board & Custom Field Provisioner
SLA Definition Importer
Integration Middleware Core
Deduplication Engine
Drift Detection
Microsoft Entra Change Monitor
CW Board Configuration Validator
IS18 Control Evidence Freshness Check
Document Version & Review Tracker
SLA Definition Reconciliation
SECTION 9

Board Approval

Approved By
Managing Director, Netier
Date: _______________
Security & Cloud Engineering Lead, Netier
Date: _______________

Classification: OFFICIAL  •  Netier — Security & Cloud Engineering  •  26 March 2026