
Compliance & Audit

Assessments against NIST CSF, Essential Eight, ISO 27001, and CIS Controls.

Overview

Compliance isn’t about ticking boxes — it’s about understanding where you stand, what’s at risk, and what to do about it. Opcode conducts practical assessments against industry frameworks, giving you a clear picture of your security posture and a prioritised plan to improve it.

What’s included

  • Gap analysis — Detailed assessment of your current controls against a target framework, identifying gaps and their business impact.
  • Maturity assessment — Evaluation of your security program maturity across key domains, with actionable recommendations for each maturity level.
  • Remediation planning — Prioritised roadmap for closing gaps, with realistic timelines and resource estimates.
  • Audit preparation — Support in preparing for external audits: evidence gathering, control documentation, and pre-audit readiness checks.
  • Policy and procedure review — Assessment and improvement of security policies, standards, and operating procedures.

Frameworks

Opcode works with the frameworks your industry and regulators care about:

  • NIST CSF — Comprehensive cybersecurity framework widely adopted across industries.
  • Essential Eight — The Australian Signals Directorate’s baseline mitigation strategies. Opcode assesses against all maturity levels (ML1 through ML3).
  • ISO 27001 / 27002 — International standard for information security management systems.
  • CIS Controls — Prioritised set of defensive actions for cyber defence.
  • APRA CPS 234 — Prudential standard for information security in Australian financial services.

How it works

  1. Scoping — Define which framework(s), which business units, and which systems are in scope.
  2. Assessment — Evidence collection through documentation review, interviews, and technical validation. Each control is assessed for implementation status and effectiveness.
  3. Reporting — Clear, actionable report with findings, risk ratings, and prioritised recommendations. No 200-page documents that nobody reads — Opcode delivers reports your team will actually use.
  4. Remediation support — Optional ongoing engagement to support your team through remediation activities.

Discuss your compliance & audit needs

Get in touch to talk about how Opcode can help your organisation.
