Compliance & Frameworks

The frameworks your organisation is assessed against, built in.

Speculo ships with NZ compliance frameworks ready to assess against. Assign a framework to your organisation, respond to each requirement, and track your maturity across every control area. One platform, every framework you need.

Get a demoSee the full platform

Now live

Start assessing against MCSS today.

Speculo's first built-in framework is the NCSC's Minimum Cyber Security Standards. The full MCSS requirement register is loaded and ready. Assign it to your organisation and begin your first assessment immediately.

LiveNCSC New Zealand

MCSS

Minimum Cyber Security Standards

The mandatory baseline for NZ public sector agencies. Speculo ships with the full MCSS requirement register built in. Assign it to your organisation and start assessing immediately, with maturity tracking per requirement and board-ready reporting built in.

  • Assign a single MCSS to your whole organisation for an overarching view, or run separate assessments per business unit or branch for a more refined picture.
  • Each part of the business conducts its own assessment independently. Results are available at both unit and organisation level.
Learn about MCSS

Cross-framework control mapping

Assess once. Satisfy many frameworks at the same time.

Speculo lets you cross-link your internal controls to requirements across multiple frameworks. When you add a second or third framework, your existing control work carries across automatically. No starting from scratch.

  • A single control assessment can satisfy requirements across multiple frameworks simultaneously, removing the duplication from your programme.
  • Per-requirement target maturity tracking with current-versus-target visibility so you can see gaps and prioritise improvements.
  • Your evidence register stays lean: collect evidence once and reference it across every framework you operate under.
  • Framework-level and requirement-level reporting for every audience, from the assessor running the programme to the board reviewing the output.

Coming soon

More frameworks on the roadmap.

Speculo is adding NZ and international compliance frameworks progressively. Each one will follow the same pattern: a full requirement register, ready to assess against immediately, with cross-framework control mapping to reduce duplication across your programme.

NZISMSoon

NZ Information Security Manual

GCSB

The comprehensive security standard for NZ government agencies. Full control catalogue and requirement register coming to Speculo.

HISFSoon

Health Information Security Framework

Health New Zealand

The security framework for NZ healthcare providers covering clinical and corporate systems.

NIST CSFSoon

Cybersecurity Framework

NIST

The internationally recognised framework for managing cybersecurity risk across any sector.

ISO 27001Soon

Information Security Management

ISO / IEC

The international standard for information security management systems and certification readiness.

Want a specific framework prioritised? Let us know.

Also in the platform

Optimised Cyber Risk Assessments

The structured workflow, risk scoring, and evidence collection that feeds your compliance programme.

Full platform overview

All eight capability areas in one page, with screenshots and full detail.

See the framework assessment workflow in action.

Book a 30-minute walkthrough. We will show you how MCSS works in Speculo and what the roadmap looks like.

Get a demoSee the full platform