Cyber Risk Intelligence Platform

See where you're exposed. Know what to fix first.

Speculo replaces spreadsheets, fragmented tools, and guesswork with one platform for managing cyber risk assessments. From scoping to sign-off, you get the visibility to make smart decisions and the reports to prove it.

Last updated: May 2026

Get a demoSee how it works

Purpose-built for NZ frameworks

From scoping to sign-off in one platform

Used across government, healthcare, and regulated enterprises

STRUCTURED ASSESSMENT WORKFLOW

Seven stages. One clear path from scoping to sign-off.

Speculo walks your team through a structured, seven-stage assessment workflow: Introduction, Data, Scope, Risks, Controls, Remediation, and Sign-Off. Each stage captures the right information at the right time, so nothing falls through the cracks. You can run multiple assessments in parallel, track progress across business units, and generate reports at any point in the process.

  • Three assessment levels (Compliance Focus, Maturity Assessment, Audit Optimisation) let you match the depth of the assessment to the purpose, with directional upgrade between levels.
  • Risk scoring uses a configurable likelihood-by-impact matrix with colour-coded heatmaps. See exactly how each control decision changes your risk position, so you can prioritise what moves the needle most.
  • Digital sign-off, recertification tracking, and automatic renewal reminders keep assessments current without manual follow-up.
See the workflow in action

FRAMEWORK COMPLIANCE

Map your controls to the frameworks that matter.

Speculo ships with compliance frameworks like the NCSC's Minimum Cyber Security Standards (MCSS) built in, ready to assess against. Assign frameworks to your organisation, respond to each requirement, and track your maturity across every control area. Cross-framework control mapping lets you link your controls to multiple framework requirements, so you assess once and report against many.

  • Pre-built framework templates (including MCSS) with requirement registers that you can start assessing against immediately.
  • Target maturity tracking per requirement, with current-versus-target visibility so you can see gaps and prioritise improvements.
  • Cross-framework mapping means a single control assessment can satisfy requirements across multiple frameworks, cutting duplication.
Explore supported frameworks

ANALYTICS AND REPORTING

The right report for the right audience, without the rework.

Speculo's analytics workspace is built around personas: CISO, Board, Project Manager, Assessor, Auditor, and more. Each persona sees the charts and tables relevant to their role, pre-configured and ready to export. The Board Summary gives executives current-versus-target scoring and risk trend in one view. The CISO view breaks down risk deltas by technical and business owner. Every chart can be exported to Word, PDF, or CSV.

  • Pre-built report pages for nine audiences (Assessment Risks, Board Summary, CISO, Controls, Project Manager, Assets, Remediations, Planning, Q&A) with configurable report builders.
  • Your board sees the data you worked from, not a summary someone prepared overnight. Risk position, trend, and control coverage in one view, pre-configured and ready to export.
  • Static and dynamic report generation: produce a point-in-time snapshot or a live report that updates as assessment data changes.
See sample reports

45

Report types, across every audience

350 × 6

Control maturity levels

7

Workflow stages, scoping to sign-off

3

Risk assessment types, basic to audit-optimised

EVIDENCE COLLECTION

Collect it once. Use it everywhere.

The evidence register groups evidence by document, tracks approval status per item, and lets you re-use evidence across multiple controls and assessments. Approvers can approve or reject individual items with comments, or approve all items in a batch. Files, URLs, and usage counts are visible at a glance, so you always know what's been collected, what's been verified, and where the gaps are.

  • Per-item approve/reject workflow with comments, plus batch approval for efficiency when reviewing large evidence sets.
  • Evidence re-use across controls and assessments eliminates duplicate collection and keeps your evidence register lean.
  • Approval status filtering (Approved, Pending, Not Required) lets reviewers focus on what needs attention right now.
Learn how evidence works

REMEDIATION TRACKING

Track every fix. Sync with your existing tools.

Every remediation task lives inside the assessment workflow, with priority levels, task owners, completion dates, and progress tracking built in. Speculo connects directly to Azure DevOps and Jira, so remediation tasks sync with your existing project management tools. No more copying work items between systems or chasing status updates across platforms.

  • Remediation tasks include priority (High, Medium, Low), task owner assignment, completion percentage tracking, and effort scoring visible in the assessment workflow.
  • Azure DevOps and Jira integrations sync work items with health checks and manual sync options.
  • Integration credentials are encrypted at rest. Your connection to DevOps or Jira is scoped to remediation tasks only, so the rest of your environment stays separate.
Ask about integrations

Ready to see Speculo in action?

Schedule a call with the Speculo team.

Get a demo

EXEMPTION MANAGEMENT

Exemptions with a paper trail, not a paper chase.

When a control can't be met, Speculo captures the exemption with its business justification, compensating controls, risk position, and approval chain. Tier-based approval (advisory tier and decision maker tier) ensures the right people sign off. Every exemption has a validity period with automatic background reminders before expiry, and the full audit trail is preserved from request through to renewal.

  • Two-tier approval workflow: Tier 1 (advisory tier) and Tier 2 (decision maker tier) with approver assignment and admin proxy approvals for when delegated authority is needed.
  • Scoped and enterprise exemption types let you apply exemptions to specific controls within an assessment or across the entire organisation.
  • Automatic expiry reminders, Word/PDF report generation, and a full audit trail timeline keep exemptions transparent and auditable.
Learn about compliance tracking

ENTERPRISE CONTROL MANAGEMENT

One view of every control across every assessment.

Enterprise Controls give you an organisation-wide view of your control landscape. Changes propagate across every assessment that references a control, so you maintain consistency without manually updating each one. Track target and current maturity, certification status, ownership, and the number of risks each control is applied to, all from a single register.

  • Cross-assessment propagation means updating an enterprise control automatically reflects in every assessment where it appears.
  • Certification status, maturity tracking, and ownership assignment give you a clear picture of which controls are verified and which need attention.
  • Change logs, evidence controllers, and remediation controllers attached to each enterprise control provide a complete audit history.
Explore enterprise controls

Ready to see Speculo in action?

Book a 30-minute walkthrough with the team. No pitch deck, no procurement process: just the platform.

Get a demoSee pricing