The compliance platform for NZ critical infrastructure. NZISM system certification, risk management programmes, mandatory incident reporting, and continuous assurance — all in one place.
The Problem
The proposed Cyber Security and Resilience Bill will require ~200 critical infrastructure entities to implement risk management programmes, report incidents within 24 hours, and prove compliance — or face fines up to $5 million and $500K personal liability for directors.
Critical infrastructure entities affected
Maximum penalty for non-compliance
Personal director liability
How It Works
AccreditAZ manages the full compliance lifecycle — from initial gap analysis to continuous assurance.
Free gap analysis against NZISM, E8, or ISO 27001
Close gaps with guided workflows, policies & training
Per-system C&A with SSP, SoA & certification memos
24/72hr incident reporting with countdown timers
Trust Centre, board reports & director attestations
Health scores, re-cert alerts & continuous monitoring
The Platform
Replace spreadsheets, Word docs, and manual processes with a single platform that manages the full compliance lifecycle.
Per-system NZISM certification and accreditation. Register systems, map controls by classification level, track evidence, manage waivers, and generate SSPs & certification memos.
Implement a control once at the org level — it auto-inherits across every system. First system takes weeks. Tenth system takes hours. No duplicated effort.
Full risk register with 5×5 matrix, treatment plans, and risk owner assignments. Build the mandatory risk management programme the legislation requires.
Mandatory 24-hour early warning and 72-hour full reports with live countdown timers, guided templates, timeline tracking, and auto-generated incident references.
Board-level dashboard with obligation status, personal liability warnings, and digital attestation workflow. Premium board reports delivered automatically each quarter.
Upload evidence, link to controls across systems. Policy template library with guided builder, version control, and configurable approval chains.
Invite suppliers to self-assess against your security requirements. Criticality ratings, risk scoring, and compliance status tracking from a single dashboard.
Powered by WyzAZ. Complete a training module and it automatically logs evidence against the corresponding compliance control. No other platform does this.
A public-facing compliance status page your customers, auditors, and regulators can visit anytime. Show certifications, frameworks, and training stats — on your terms.
Auto-populated from cert expiry, policy reviews, attestation deadlines. iCal export to Outlook.
Configurable chains for evidence, waivers, policies, and risk acceptances. Multi-step sign-off.
Ask questions about NZISM controls, get implementation guidance, and draft policy content — powered by AI.
Composite compliance score that degrades over time. Tracks progress and creates urgency across the organisation.
Frameworks
Map controls once. Satisfy multiple frameworks. Cross-walking eliminates duplicate work across overlapping requirements.
NZ Information Security Manual
ASD Maturity Model
Information Security
NZ Privacy Act 2020
Cybersecurity Framework
APRA Information Security
SME Cyber Certification
Trust Service Criteria
Take our 15-minute readiness assessment and get a detailed gap analysis against NZISM, Essential Eight, or ISO 27001. See exactly where you stand — and what it takes to get certified.
Start Your Free AssessmentConsultants charge $5–10K for this. We give it to you for free.
For Directors & Board Members
Even if compliance work is done elsewhere, the director dashboard and reports are the best in the world. Premium dark-themed board packs — one click, no formatting, no PowerPoint.
One-page traffic light status across all obligations, compliance score trend, risk posture, and signed attestation. Fits on one printed page.
Cover page, table of contents, framework breakdown per system, incident summary, supply chain overview, remediation roadmap, and attestation page.
The document a lawyer asks for. Every attestation signed, every board report received, compliance trend over your tenure, risk acceptances with rationale.
Designed for NCSC, DPMC, or sector regulators. Mirrors mandatory reporting requirements. Timestamped, digitally signed, pure compliance data.
Directors get a free dashboard — no licence required. Reports are auto-delivered quarterly.
Pricing
No per-user fees. No surprise costs. Scale by systems, not seats.
See where you stand. 1 system, 1 framework, 3 users.
For organisations starting compliance. Up to 3 systems, 10 users.
For CIEs with multiple systems. Up to 15 systems, unlimited users.
For consultancies and large agencies. Unlimited systems.
All prices in NZD excl. GST. Annual billing available with 2 months free.
For Consultants & Assessors
Stop spending 70% of your time on spreadsheets and boilerplate. AccreditAZ handles the grunt work — you keep the high-value advisory.
No licence fees. No seat costs. Full platform access for you and your team.
Your clients pay the subscription. You earn 15% of every dollar, every month. 12-month grace period.
See only the systems and frameworks you're engaged on. Multiple consultants per entity, fully isolated.
Your compliance data, evidence, and system security plans never leave the AU/NZ region. No US data transfers. Built for government requirements.