Compliance · pick your sector
Compliance help, by industry.
The compliance pressure on a 50-seat firm rarely comes from a single regulator. It comes from a stack of overlapping obligations the IT environment either quietly carries or quietly fails. Pick your industry for the operator's view of what we do.
Industries · seven sectors we work in
Pick the sector that fits.
We work with firms of 20 to 250 staff across legal, finance, construction, mining services, registered training, health and aged care, and not-for-profit. The compliance picture for each is genuinely different. Each industry page lays out what we do for that sector and which currently-live regulations have a topic card on it.
Compliance
Law firms
- AUSTRAC Tranche 2 AML/CTF · effective 1 July 2026
Compliance
Finance, advisers, accountants
- AUSTRAC Tranche 2 AML/CTF · effective 1 July 2026
Compliance
Construction and engineering
No regulator-driven topic cards live for this sector right now. The page lays out how we handle compliance for construction and engineering as part of a managed-IT engagement.
Open the construction and engineering pageCompliance
Mining services and technology
No regulator-driven topic cards live for this sector right now. The page lays out how we handle compliance for mining services and technology as part of a managed-IT engagement.
Open the mining services and technology pageCompliance
RTOs and training organisations
- 2025 Standards for RTOs · in force since 1 July 2025
Compliance
Health and aged care
No regulator-driven topic cards live for this sector right now. The page lays out how we handle compliance for health and aged care as part of a managed-IT engagement.
Open the health and aged care pageCompliance
Not-for-profits
No regulator-driven topic cards live for this sector right now. The page lays out how we handle compliance for not-for-profits as part of a managed-IT engagement.
Open the not-for-profits pageWhat we do · across every sector
The shape of the work, regardless of sector.
Compliance is not a service line for us. It is the operational discipline running underneath the managed-IT engagement. Identity that holds, retention that survives a vendor switch, audit logging that produces evidence on demand, backup that has been restored from at least once, and the documentation that links each control back to the obligation it satisfies.
Where a sector has a specific regulator-driven obligation that demands more (AUSTRAC's AML/CTF programme machinery, the Aged Care Act's Information Management standard, ASQA's audit posture under the 2025 Standards), we add the sector-specific overlay. Where the obligation is cross-cutting (Privacy Act notification readiness, cyber-insurance questionnaire support, client-driven security questionnaires), we run a single control environment that answers most of it without a separate per-obligation build.
We do not interpret regulations and we do not write your compliance documentation. Your compliance officer, your lawyer, your sector consultant own the interpretation. We own the IT environment that has to substantiate the interpretation when somebody asks.
Next step · start with the evidence
Find out where you actually sit.
The Essential Eight self-assessment takes about ten minutes and gives you a branded PDF report you can hand to your compliance officer, your insurer, or your board the same day. It is not sector-specific, but the controls behind it underpin almost every compliance obligation we see in practice.