BaseHost has released a free, browser-based compliance triage that helps Australian businesses work out which compliance frameworks actually apply to them. Eight short questions, a personalised result on screen, a copy in your inbox. Two minutes. No salesperson required.
What it covers
The triage scores five frameworks against a business’s real context: Essential 8, ISO 27001, SOC 2, SMB1001 and Security Awareness. Each comes back as Strongly recommended, Worth considering, Optional for now, or Not a priority right now, with plain-English reasons for every verdict.
Why we built it
Every week we have a version of the same conversation with a new prospect. They have heard about Essential 8 from their cyber insurer. A US customer is asking for SOC 2 in a renewal questionnaire. The board has brought up ISO 27001. The cybersecurity vendor at last week’s conference mentioned SMB1001. They want to know what actually applies to them, and where to start.
Nobody we could point them at gave a useful answer for free. The existing tools are either single-framework (a maturity assessment for Essential 8, say) or behind a sales conversation. There was a gap in the market for a simple, signal-based starting point: tell me about your business, I will tell you which conversations to have.
How it works
The questions cover industry, business size, customer base, what prospects have asked for, sensitive data classes held, cyber insurance status, awareness training maturity and current Microsoft 365 posture. The scoring engine matches those signals against the trigger conditions for each framework, and produces both a ranked priority list and per-framework reasoning that references the user’s actual answers.
The result is shown on screen, and a copy is emailed to the user with links into the framework primer pages for anything that scored Strongly recommended or Worth considering. If they want to talk it through, the modal contact form is one click from the result.
Where to use it
The triage lives at /compliance-assessment/. It is free, it requires no account, and the only contact details we ask for are a name, work email and organisation so we can email the result back. We keep what is submitted to handle the request, then file it. There is no marketing automation sequence attached.