Cybereen / Platform / Maturity assessments
PLATFORM CAPABILITY

Maturity assessments that show the next step, not just the gap.

Auto-scored against Essential Eight ML0–ML3, ISO 27001 Annex A, and NIST CSF. Every assessment ships with a prioritised remediation path your team can actually execute.

Start your baseline → See how it works
4 standards out of the box 30 min to first score Board-ready on day one
WHAT YOU GET

Three things, every time you run an assessment.

No 90-page guide. No 8-hour workshop. The platform does the scoring, the maths, the pack.

Auto-scored maturity, every control.

Plain-English questions roll up into a level per control family, a level per strategy, and an overall score. Recalculates the second evidence lands.

Per control · Per family · Overall

The next step, surfaced.

For every score, the highest-impact next control to lift it. Ranked by effort vs maturity gain, with the evidence you'd need and an owner suggestion.

Prioritised · Effort-scored · Owned

A board-ready maturity report.

One-click PDF. Cover page, scope, methodology, scores per family, prioritised next steps, evidence appendix. Versioned, signed-off, regulator-friendly.

PDF · Versioned · White-label
HOW IT WORKS

Three steps. 30 minutes to first score.

From "we should probably do an assessment" to "here's our ML1.4 and the next step", in one sitting.

Step 01

Pick your standard.

Choose Essential Eight, ISO 27001 Annex A, NIST CSF 2.0, APRA CPS 234, or any combination. Cybereen pre-loads the control list. Bring a custom XLSX/CSV if you have one.

E8 ISO 27001 NIST CSF CPS 234 CUSTOM
2 frameworks selected · 152 controls
Step 02

Answer the questions.

Plain-English, with examples and inline guidance. Attach evidence as you go. Collaborate with field-level audit trail. Save and resume across sessions.

MFA on external services
Patch apps within 48 hours
· Backups tested daily
· User app hardening
Step 03

See your maturity score.

Radar chart per control family, ML score per strategy, prioritised next steps with effort-vs-gain ranking. Export to PDF, share with the board, hand off to your partner.

Overall · ML1.4 Target · ML2.0 Gap · +0.6
USE CASE

200-person AU fintech. ML1 → ML2 in 6 months.

An ASIC-regulated payments platform, two engineering offices, one director on the audit committee, one deadline in front of an APRA-aligned customer.

SYDNEY · MELB · 2 ENG TEAMS · 220 ENDPOINTS

From spreadsheet baseline to audit-defensible ML2, on the same control library.

Started at a scattered ML0/ML1 across the eight strategies. Cybereen surfaced four next-step controls: daily restore-tested backups, macro hardening on Office, OS patch SLA, and admin-privilege time-boxing. The team owned the implementation. The platform tracked the evidence.

3 wks → 4 days
Audit prep
reduced
ML1 → ML2
In 6 months,
across all 8
152
Evidence artefacts
captured & dated
1
Board pack,
auto-generated

"The 'next step' ranking is the bit. Our IT lead stopped guessing which control would move the needle. The maths did it for him."

— HEAD OF RISK · 200-PERSON FINTECH
PART OF THE PLATFORM

One assessment. Many surfaces it feeds.

Maturity assessments don't sit on an island. They consume evidence, drive multi-standard mapping, and roll up into the reports your auditor and board actually open.

Feeds in

Evidence Library
screenshots · configs · sign-offs
Multi-Standard Mapping
one answer → many standards
YOU ARE HERE

Maturity assessments

Auto-scores the controls you've answered, surfaces the next step, drafts the report. Recalculates the moment evidence lands.

E8 ISO 27001 NIST CSF CPS 234

Feeds out

Reporting
board · auditor · regulator packs
Risk Register
residual ratings & treatment
ONE EVIDENCE MODEL
Answer a control once. It scores in every standard that asks for it, rolls into the report that needs it, and updates the residual risk it touches. No retyping. No reconciling.
FAQ

The three we get asked first.

How long does an initial assessment take? +
30 minutes for a starter Essential Eight baseline. 2–4 hours for a full ISO 27001 Annex A walkthrough. Most teams answer roughly half the questions on the first sitting and resume the rest over the week — the assessment auto-saves at the field level.
Can multiple people answer the same assessment? +
Yes. Assessments are collaborative, with a field-level audit trail — who answered, when, with what evidence. Assign control owners, request review, lock answers for sign-off. Every change is versioned, so a reviewer can see exactly what shifted between draft and final.
Do you support custom frameworks? +
Yes. Bring any XLSX or CSV control list, or write your own directly in Cybereen. Custom frameworks score the same way as the built-in ones, map to the same evidence library, and feed the same reports. Common asks include SOC 2, PCI DSS, internal control catalogues, and parent-company frameworks for AU subsidiaries.

Score your baseline in 30 minutes.

Pick a standard, answer the questions, get the next step. No 90-page guide. No 8-hour workshop. No new spreadsheet.

Start your baseline → See the full platform