AccreditAZ guides NZ and Australian organisations from gap to certified — with structured certification pipelines, real-time risk tracking, evidence management, and board-ready reports. No spreadsheets required.
Why compliance can't wait
Critical infrastructure entities
facing mandatory cybersecurity obligations under the proposed Cyber Security & Resilience Bill
Maximum penalty
for organisations that fail to implement a risk management programme or report incidents on time
Personal director liability
directors can be held personally liable — the board needs a paper trail, not just good intentions
AccreditAZ builds the evidence, workflows, and reports that prove you're compliant — before the auditor or regulator arrives.
The C&A Pipeline
AccreditAZ breaks the certification and accreditation process into clear phases with gate checks. Know exactly where every system stands — and what's needed to move forward.
Document system purpose, boundaries, and stakeholders
Classify data, users, and system components
Identify threats, vulnerabilities, and residual risks
Map, assess, and evidence each required control
Assessor sign-off that controls are in place
Formal approval + exportable compliance report
Annual re-certification built in
When a cycle completes, start a new one with one click. Previous cycles are archived and preserved — so you always have a complete history for auditors.
The Platform
Replace the spreadsheets, shared drives, and email chains with a single platform that manages your full compliance lifecycle.
Register systems, assign frameworks, and work through a structured certification pipeline with gate checks. Know the status of every system at a glance.
Implement a control once — it applies across every system that shares it. Evidence attached to a common control satisfies multiple frameworks simultaneously. No duplicate effort.
Full risk register with 5×5 likelihood/impact matrix, treatment plans (Accept, Mitigate, Transfer, Avoid), risk owners, and review scheduling. The risk management programme your legislation requires.
Log, triage, and track security incidents from detection to closure. Timeline entries, severity ratings, owner assignments, and a post-incident review workflow. Fully auditable.
Upload evidence, set expiry dates, and link directly to controls across systems. Manage policies with version history and review cycles. Expiring evidence flagged automatically.
Board-ready compliance reports with plain-language summaries — no technical jargon. Compliance score, open risks, incidents, and policy status. Scheduled email delivery to directors.
Track third-party vendors by criticality, record security assessments, attach supplier documentation, and set review schedules. Know your supply chain risk at a glance.
Formally document control exceptions with residual risk justification, approver sign-off, and expiry dates. Every waiver is tracked and flagged when it lapses. Auditors love this.
Invite internal staff, external assessors, and auditors with scoped access — limit to specific systems, set expiry dates, assign roles (Admin, Assessor, Auditor, Read-only). One login, multiple organisations.
Every action logged with timestamp, user, and IP. Exportable CSV for external audits.
Compliance summaries delivered by email weekly, monthly, or quarterly — automatically.
Built-in AI support agent. Ask about NZISM controls, get guidance, raise a support ticket — inside the portal.
Passwordless magic link login with optional TOTP MFA. Enforce MFA org-wide from settings.
Frameworks
Map controls once — satisfy multiple frameworks. AccreditAZ identifies overlapping controls so you never do the same work twice.
NZ Information Security Manual
PrimaryInformation Security Mgmt
ACSC Maturity Model
Payment Card Industry
Trust Service Criteria
Cybersecurity Framework
NZ Cyber Security Assessment
Bring your own framework
A single system can span multiple frameworks. Evidence reused across all applicable controls.
For Directors & Boards
Director-level reports with plain-language summaries — no jargon, no technical detail, just the compliance posture information a board member needs to fulfil their governance duties.
Overall posture — percentage of controls implemented, open risks by rating, policy review status. One number, full context.
Open risks by rating (Critical / High / Medium / Low), treatment status, and overdue items flagged clearly for board awareness.
Open and recently closed incidents, severity breakdown, average resolution time. The paper trail directors need for liability protection.
Reports emailed automatically to directors on your schedule — weekly, monthly, or quarterly. No chasing the CISO for a PDF.
Directors can be added as read-only users — no licence required.
For Consultants & Assessors
AccreditAZ uses a global identity model — your single account gives you access to every client organisation you're engaged with, each completely isolated from the others.
Log in once. An org picker shows every client engagement you're active in. Switch between them without logging out.
Clients can limit your view to just the systems you're engaged on. Assessor and auditor roles give you the right level of access — no more, no less.
Engagement access can have an expiry date set by the client. Access automatically lapses — no manual revocation needed. Clean, auditable.
Hosted in New Zealand
Your compliance data never leaves NZ. Built for government and regulated sector requirements.
TLS encryption + MFA
All data encrypted in transit and at rest. Magic link auth with optional TOTP MFA on every account.
Privacy Act 2020 compliant
Built and operated under NZ law. No data sold or shared. Right to access and deletion supported.
Pricing
No per-user fees. No surprise costs. Start free, scale when you're ready.
Free for a limited time. No credit card.
For organisations getting started. Run a real system through the full C&A process before spending a dollar.
NZD excl. GST
For organisations actively working through certification across a handful of systems.
NZD excl. GST
For organisations managing multiple systems across multiple frameworks — the full platform, no limits.
Talk to us
For large agencies, consultancies managing multiple clients, or organisations with bespoke requirements.
All prices in NZD excl. GST · Annual billing available with ~20% discount · AUD pricing available
Not sure which plan? Start free — upgrade anytime, no lock-in.
Sign up free. Add your first system, map your controls, and start building the evidence trail you need — before the auditor arrives.