Resources
Free resources for IT and risk leaders.
Practical worksheets, checklists, and audit templates. Made by people who do this work.
Each resource is built from real engagements with mid-market firms. No vendor whitepapers. No marketing fluff. The kind of document we hand a CISO or Head of Risk before the first conversation.
Download today
- Live
Free 30-Minute IT Health Check
A no-strings remote review of your service-desk SLA, patch coverage, backup posture, and Essential Eight baseline.
For IT Managers, Practice Managers
Book the health check - Live
CPS 234 Readiness Worksheet
A 12-question diagnostic that takes 20 minutes. Built from real APRA reviews of mid-market FS firms.
For CISOs, Heads of Risk, FS IT leaders
Download the worksheet
Coming next
Roughly one new resource per quarter, sequenced behind our 12-month content plan.
- Coming soon
Essential Eight ML2 Self-Assessment
24 questions across the eight controls.
- Coming soon
Tax-Period Continuity Checklist
IT readiness for the tax quarter and year-end peak. For accounting firms.
- Coming soon
Privileged Document Protection Audit
For law-firm IT Partners and Practice Managers. Built post-HWL Ebsworth.
- Coming soon
NDIS Quality & Safeguards IT Compliance Checklist
For NDIS provider COOs and Heads of Compliance.
- Coming soon
Sample CPS 234 Evidence Pack
A redacted, real-engagement evidence pack. For Heads of Risk.
- Coming soon
Board-Ready Cyber Quarterly Report Template
The format we deliver to mid-market FS Risk Committees.
A good worksheet ends conversations we should not be having
We publish these because a good worksheet ends conversations we should not be having. If a Head of Risk runs the CPS 234 Readiness Worksheet and finds out their §15 documentation is solid, that is a useful answer — even if the answer is “you do not need us yet.”
The worksheets and checklists are built from anonymised, real engagements. We do not publish vendor whitepapers. We do not publish “the future of cyber” trend pieces. We publish what we hand a buyer in the first 30 minutes.
Frequently asked
IT, risk and compliance leaders at mid-market firms — typically 50 to 2,000 staff. Specifically: IT Managers, IT Directors, CISOs, Heads of Risk, Practice Managers (accounting and legal), and Compliance Heads at NDIS providers, healthcare and dental practices.
Yes. Every download is email-gated so we can email you the resource and one nurture email per week, maximum. You can unsubscribe at any time. We do not share your email. The privacy notes on each form are explicit.
Yes — anonymised. The CPS 234 worksheet was built from real APRA review patterns at mid-market regional banks, credit unions, mutuals and super funds. The IT Health Check is the same 30-minute remote review we run pre-engagement. The Essential Eight self-assessment uses our real per-control evidence rubric.
Roughly one new resource per quarter. The publication priority follows our content commitment — CPS 234, CPS 230, Essential Eight ML2, Privacy Act, and vertical-specific checklists for accounting, legal and healthcare.
Yes. We ask only that the resource is not republished externally with the BISTEC name removed. Internal use, board-pack inclusion and audit-prep use are all fine.
The free versions are diagnostics. Paid engagements deliver the documented programme behind the diagnostic — the actual CPS 234 evidence pack, the actual ML2 uplift roadmap, the actual Privacy Impact Assessment. The free worksheets tell you whether you need that next step.