Platform

One workspace. Four pillars.

The platform's job is to make co-ordination cheap. Your team can spend the time saved on the things that don't have a button — judgment, escalation, communication, decisions.

Pillars

Four pillars, one workspace. No more tab-switching.

Govern your control library. Respond when something happens. Remediate the exposures that drive risk down. Simulate before the real thing lands. Each pillar shares the same policy hierarchy and the same data model — so the work in one shows up in the others.

Govern

Policies that translate into action

A six-layer document hierarchy — policy, standard, procedure, playbook, runbook, automation — versioned, owned, and customisable per organisation. Baseline templates ship in the box; you customise and own your copies from day one.

Pre-built playbook and runbook library aligned to NIST CSF 2.0, ISO 27001 and NZISM.
Inline RASCI on every artefact, with notifications when responsibilities change.
Every artefact versioned. Every incident records the version it ran.

Respond

A live workspace for the IR lead

Declare an incident, attach the right playbook, assign the procedure checklist, and let the activity log capture every move. Regulatory clocks and comms timers stay on screen so the IR lead never has to do mental arithmetic.

Activity log is append-only — a legally defensible record by design.
Comms timers and notification deadlines visible at all times.
Scoped external access for DFIR, legal, insurers and partners.

Remediate

Exposures, tracked to verified close

A central register for every vulnerability, control gap and weakness — with risk scoring, owner, due date, and a verification step before close. Trend visibility tells you if the programme is actually working.

Map exposures to the policies, standards and procedures they violate.
Workflow from triage through remediation to verification.
Quarterly trend reporting — by team, by service, by control family.

Simulate

Tabletops that use the same workspace

Run exercise cases against the same playbooks, the same checklists and the same activity log your live response uses. Tagged separately so they stay out of programme metrics — but practised in the muscle memory of the tool your team will reach for at 02:00.

Exercise cases flagged and excluded from "needs me" surfaces.
Replay a previous tabletop to seed a new scenario.
After-action report shares the same PIR template as live incidents.

Aligned to the standards your auditors recognise

NIST CSF 2.0NIST SP 800-61r3ISO/IEC 27001ISO/IEC 27035NZISMCPS 234Essential EightIEC 62443

Foundation

A six-layer document hierarchy. Every artefact has an owner, a version, and a parent.

Policy at the top, automation at the bottom — and an unbroken accountability chain in between. Baseline templates come pre-loaded; you customise and own your copy from day one.

L1PolicyDomain ownership
L2StandardMandatory rules
L3ProcedureStep-by-step
L4PlaybookIncident workflow
L5RunbookOperator action
L6AutomationCode / triggered

Library

Pre-built playbooks & runbooks. Customisable from day one.

A starter library covering the incidents you'll actually face — and the runbooks the team needs at 02:00. Every artefact is yours from the moment you log in. Versioned. Owned. Editable.

Type	Code	Name	Aligned to
playbook	PB-IR-001	Ransomware response	NIST CSF 2.0
playbook	PB-IR-002	Business email compromise	NIST CSF 2.0
playbook	PB-IR-003	Insider threat — data exfil	NIST CSF 2.0
playbook	PB-IR-004	OT/ICS safety incident	IEC 62443
runbook	RB-NET-007	Isolate compromised host	Internal
runbook	RB-IDP-002	Revoke and rotate credentials	Internal
runbook	RB-EDR-001	Triage EDR alert	Internal
runbook	RB-VLN-003	Patch verification workflow	Internal

Browse all 98 playbooks & runbooks

Want a guided tour? 30 minutes.

We'll show you the workspace under load — declaration, triage, comms, external access, and the audit trail.

Book a demo See use cases