NIST CSF 2.0

Build a Current Profile → Target Profile with a prioritised, measurable roadmap — and evidence captured in Microsoft 365 & SharePoint.

Current profile Target profile Roadmap Metrics Board reporting

Trusted by Australian enterprises — APRA-regulated, critical infrastructure, SaaS.

What’s included

Function/Category/Subcategory review with risk mapping and IG1–IG3 guidance.

12-month plan: quarterly milestones, owners, budget lens, and dependencies.

Board-level KPIs/KRIs and a posture scorecard (Power BI / Looker Studio).

Mappings to ISO 27001 Annex A, Essential Eight, SOC 2 — reduce audit fatigue.

Repeatable playbooks for tests, incident drills and evidence capture.

SharePoint structure with retention/metadata for every control.

Purview, Entra ID, SharePoint — data map scans, access reviews, risk register & ownership tracking.

Defender, M365 Security, Sentinel — DLP, vulnerability views, alerts, workbook exports.

Teams, Power Automate, OneDrive — IR runbooks, notifications, PIRs and evidence filing.

Every artefact is filed in your Evidence Hub (SharePoint) with Framework, Control, Owner and Period metadata.

Quarterly wins visible to execs and the board.

One set of evidence cross-mapped to common frameworks.

Everything delivered natively in Microsoft 365.

Profiles → Roadmap → Metrics — with SharePoint evidence.

Related services: ISO 27001 ISO 27701 ISO 42001 SOC 2 Essential Eight DISP / ISM / IRAP