Government Agencies
Manage NZISM compliance across multiple systems and classifications
IT Service Providers
Demonstrate security posture to win and retain government contracts
Cloud Providers
Prove your platform meets NZ government security requirements
NZISM Certification is Complex
Without the right tools, achieving and maintaining certification is a significant undertaking.
1,000+ Security Controls
NZISM contains hundreds of controls across multiple security domains. Manual assessment is overwhelming and error-prone.
Complex Certification Workflow
Multi-stage certification process with numerous stakeholders. Tracking state transitions and approvals is challenging.
Evidence Requirements
Auditors need comprehensive evidence for every applicable control. Gathering and organizing documentation takes months.
Purpose-Built for NZISM
The only platform designed specifically for NZ Information Security Manual compliance.
Applicability Assessment
Intelligent scoping identifies which controls apply to your system. Focus only on what matters for your classification level.
15-State Certification Workflow
Complete workflow from initiation through certification. Role-based transitions ensure proper governance.
Control Assessment Dashboard
Visual progress tracking across all NZISM sections. Real-time compliance scoring and gap identification.
Enterprise & System Scope
Support for both enterprise-wide and system-specific certifications. Inherited controls reduce duplication.
Immutable Audit Trail
Every action logged with timestamp and user. Complete audit history for governance and review.
Executive Reporting
Generate certification reports, compliance summaries, and audit packages with one click.
Complete Certification Lifecycle
From initial assessment through ongoing maintenance, every stage is supported.
- Draft
- Submitted
- Under Review
- Assessment In Progress
- Assessment Complete
- Pending Approval
- Certified
- Conditionally Certified
- Active
- Re-certification Required
- Expired
Full NZISM Coverage
Our platform covers the complete NZISM control set with intelligent applicability filtering.
- Information Security Governance
- Personnel Security
- Physical Security
- Information Security
- Communications Security
- System Acquisition & Development
faster time to certification
NZISM FAQ
What is NZISM?
The New Zealand Information Security Manual (NZISM) is the government's security policy and technical guidance for protecting information and systems. It provides security controls and guidelines that organizations must follow when handling government data.
Who needs NZISM certification?
Government agencies, contractors, and suppliers handling government data typically need NZISM certification. This includes IT service providers, cloud providers, and any organization processing classified or sensitive government information.
What classification levels does CyberGrape support?
Our platform supports all NZISM classification levels from UNCLASSIFIED through to RESTRICTED. Control applicability is automatically adjusted based on your system's classification.
How does the workflow system work?
Our 15-state workflow covers the complete certification lifecycle with role-based access control. Each transition is logged, approved by authorized personnel, and maintained in an immutable audit trail.