A purpose-built, workflow-driven module that guides you from assessment to action. Quickly identify gaps, align with 65+ available frameworks and generate a tailored improvement strategy that directly supports your business objectives.
of GRC users still rely on spreadsheets for compliance tracking.
This leads to inefficiencies, duplicated efforts and missed opportunities to optimise security posture. Transform the complexity of compliance into clarity and control.
This approach exposes issues:
Gain clarity and control with a structured cyber security approach that delivers visibility and drives continuous improvement.
Select a Framework
Choose from multiple frameworks and answer guided questions tailored to your security maturity.
Optimise Effort
Transition effortlessly between frameworks with automatic score carryover from shared controls.
Prioritise Strategically
Rank risks to create a focused, high-impact improvement roadmap.
Deliver Outcomes
Track progress from an intuitive dashboard and generate executive-ready reports at the push of a button.
Great customer support. Engaged with helping customers achieve greater efficiencies for GRC.
Pepper Money
The platform provides a boost for overworked and under-resourced Cybersecurity and GRC people (like myself). The ability to switch frameworks so easily lets me quickly change the reporting lens without needing to re-invent the wheel or spend half my life on repeat in Excel.
McConnell Dowell
We are starting to heavily utilise the functionality to make notes against controls and attach documents as evidence for uplift. We also find the ability to generate up-to-date reports a huge help in relation to our reporting obligations to our executive leadership team.
Ballarat City Council
MyCISO’s Supplier module allows our organisation to feel confident that our supply chain is monitored and protected for cyber risks and any gaps can be identified and addressed easily. Given how increasingly complex supply chain management is becoming it really helps having a single pane of glass view making it quicker and easier to manage our third-party supply chain.
Northern Inland Credit Union
Developed to help move organisations forward in their security journey faster and without the overwhelm.
The Command Centre
The Assess Dashboard offers a centralised view of your cybersecurity program’s current state. It visualises control maturity scores, risk ratings, deployment effort, and responsible stakeholders. Users can set target maturity levels, track progress over time and export filtered or full datasets for analysis.
The dashboard also includes a heat map for risk visibility and a control detail modal for in-depth reviews, helping organisations easily prioritise actions and monitor improvements.
Frameworks
Over 60 Australian and global frameworks mapped to our common controls, enabling rapid switching without redundant work.
The platform also supports tracking across multiple frameworks, so if you’re adhering to an industry framework plus NIST 2.0, for instance, you can easily combine control questions and eliminate duplication.
Users can up-sync and down-sync maturity data across frameworks, apply scanned vulnerability scores directly into assessments and customise maturity descriptions. This supports flexible and tailored assessments aligned to your business requirements.
Controls
The Controls feature provides access to a detailed library of over 1,500 mapped security controls. Users assess their maturity (on a 0–5 scale), assign responsibility, mark controls if not applicable and add notes or supporting links. Filters help prioritise incomplete or deficient controls, and scanned vulnerabilities can be used to pre-fill control answers.
This capability forms the core of the evaluation process, measuring maturity level for each control with concise explanations, giving you clear insights into the requirements needed to progress up the maturity scale.
Risks
The platform highlights the 15 most common risk scenarios, ranking their likelihood based on control coverage and maturity from your assessment.
Risk ratings guide prioritisation and are linked directly to control relevance, enabling targeted remediation efforts. This section also supports syncing risks across multiple frameworks for consistency.
Every business is unique, so you can customise the risk language to align with your organisation.
External Vulnerabilities
This feature draws on over 200 internet-facing data points to provide objective visibility into risk indicators linked to your primary and associated domains. With multiple scan levels available, you can monitor different sets of domains as needed.
Top-level scans (Level 3 or Level 4) can automatically inform control maturity assessments, enabling a risk-informed improvement strategy that updates every 24 hours.
Just Released: Level 4 scans are now available. These offer the same granular detail and contextual insights as Level 3, with the added benefit of specific remediation recommendations to support faster resolution.
This is not a one-time scan. Internal and external scans are continuously updated every 24 hours for a full year.
Add breach notifications for all scanned domains, and you gain an unprecedented level of visibility and protection.
Internal Vulnerabilities
NEW!
The platform now provides powerful insights into internal vulnerabilities, based on scans of over 300 data points. This enhancement delivers deeper visibility into configuration issues, system exposures and internal risks that may otherwise go undetected.
Findings are seamlessly integrated across relevant MyCISO modules, automatically pre-filling responses for numerous controls within selected frameworks. This streamlines assessments, reduces the risk of manual errors and frees up IT and security teams to focus on remediation rather than data entry.
Comply
Let’s bust a myth… ISO 27001 certification isn’t a one-and-done project. It’s a management system, not a milestone.
Achieving certification is just the beginning. The real challenge is maintaining it. Surveillance audits, internal reviews, documentation updates and continuous improvement must become part of your ongoing rhythm.
The Comply add-on supports just this: a management tool that becomes your living system for compliance, audit readiness and maturity over time. Data is maintained through the years, meaning that as requirements change, you update only what's needed.
File Store
The File Store serves as the central repository for all generated reports, including framework assessments, risk ratings, and strategy documents. Users can create dynamic reports on demand or schedule recurring exports.
This feature ensures that board-ready, stakeholder-facing outputs are readily available, streamlining communication and decision-making processes across leadership teams.
Your own files can be uploaded to controls and risks and associated with many objects, saving time. File security scanning and a quarantine zone also apply, with full file encryption both in transit and at rest.
Best-of-breed reporting is our superpower!
Effortlessly generate a wide range of reports, automatically scheduled to be saved to your file store, ready whenever you need them.
Featuring dynamic data, interactive graphs and customisable content, these reports keep your key stakeholders informed in real-time with minimal effort.
With export options in editable PDF, Word or PowerPoint, you have ultimate flexibility to tailor relevant, impactful outputs that meet the reporting needs of your organisation.
A Guided Path to Compliance
The MyCISO Comply add-on is designed to support organisations on their compliance journey by embedding operational structure around ongoing compliance obligations. It builds on the foundational insights from the Assess and Manage modules, introducing a cadence of recurring tasks, reminders and control management activities that align to specific requirements.
Comply ensures organisations not only meet but maintain their compliance positions with confidence and minimal administrative burden.
Considering or in the midst of an ISO 27001 certification? Comply is a game changer.
Eliminate the chaos of manual processes and build a resilient, scalable compliance strategy with MyCISO Assess.
Ready to see how it works?
Book your personalised demo today and take the first step toward security excellence.