Governance and Risk

We'll help you to understand your key threats, stakeholder needs, and control environment. Make informed decisions on cybersecurity, based on your business risks.

How we can assist:

Good governance ensures you’re meeting your regulatory requirements in New Zealand, and that you’re keeping up with industry best practice - reducing exposure to your organisation's particular risks be they loss of competitive advantage, regulatory breaches, loss of productivity, loss of customers, damage to your brand or other areas of concern to your organisation.

Our experienced cybersecurity advisory services consultants will work with you to understand your concerns.

Partnering with a broad range of organisations, across all industry sectors, has given us deep experience reducing information security risks - experience we can draw on to assist your team.

We start by listening.

Security Frameworks and Controls Assessment

Tesserent has experience developed over many years, across all industries, in assessing, implementing and certifying information security systems against a wide variety of industry recognised standards

We partner with our clients to help select an Information Security Management System (ISMS) framework most appropriate for you, dependent upon the nature of your business, your objectives and the regulations in your industry. The more common standards include:

  • CERT NZ Critical Controls.
  • ISO27001:2013 – Information Security Management System
  • Center for Internet Security (CIS) – Critical Security Controls Version 8
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework V1.1 / NIST 800-171R2 and others
  • CPS234 – Security Standard (Regulated Entities)

Regardless of the cybersecurity risk management framework selected, we work with our valued clients to ensure that security controls are appropriate for your organisation's specific business objectives and strategies, circumstances, priorities and risk tolerances.

Risk Management

Accurately identifying and quantifying organisational risks assists in your organisation’s ability to mitigate threats, and manage risks, to a level acceptable to your circumstances.

Our Threat and Risk Assessment can assist you to examine the reality of the current external and internal threats, and the risks, to your organisation, its information, and information systems. We’ll then work with you on an appropriate control program.

We can assist in the assessment, development and implementation of Enterprise Risk Management frameworks based on industry standards and guidelines (i.e., ISO 31000 Risk Management), including all the required elements of:

  • Risk Policy
  • Risk Procedures
  • Risk Registers
  • Risk Appetite Statement and
  • Associated processes across Information Technology and other areas of the organisation.

Security as a Service (SECaaS / CISOaaS / Analyst as a Service)

Hiring Freeze? Regulatory obligations? Insufficient in-house expertise? Board and governance demands? Short term projects?

Tesserent's Security as a Service (SECaaS) offering is designed to assist our clients to drive and enhance their security agenda and posture by providing a senior, experienced consulting practitioner to provide advice on a project or program basis. We’ll support your internal resources in the design and delivery of your overall security program.

Our security practitioners will work with your Information and Senior Management teams to support the achievement of your security goals including, for example, advice in following areas:

  • Enterprise Risk Management
  • Security Strategy Design and Development
  • Governance and Control Frameworks
  • Security Leadership Advice and Management Support
  • Information Technology Audit and Control Programs
  • Policy and Standards Design

In the establishment phase of the service engagement, we’ll collaborate with you to define and document the program of works to be completed.

Third Party Security Assessment

Third party / vendor and supplier risk is a growing security concern for all organisations. Tesserent will partner with you to tailor a suitable Third-Party Assessment solution that can be designed, built and operated by you, or on your behalf. Our 3rd party assessments can be completed against any of the recognised industry standards, or a hybrid of standards, to meet your specific commercial, governance or regulatory requirements. We can:

  • Design and develop tailored Third-Party Supplier/Vendor Security Questionnaires,
  • Plan and execute pilot 3rd party security assessment programs,
  • Provide ongoing support (quarterly) to assess an agreed number of suppliers,
  • Execute pre-designed 3rd party assessment processes – ad hoc, or as a regular service.

Supplier Risk

Our panel of experts tackle the question: What due diligence should you implement for new, and existing vendors / suppliers, as part of your standard way of doing business? Click here to explore the full video series.

Stocksy txpad2e7595sx G300 Medium 662861 copy
Contact us

Speak with a Tesserent
Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.

Let's Talk
Tess head 4 min