ACSC ESSENTIAL EIGHT

A real Essential Eight maturity rating — documented, evidenced, and defensible.

Government agencies and large enterprise customers are asking suppliers about their Essential Eight posture. We configure the controls, gather the evidence, and prepare you to answer confidently — whether that's for a tender response, customer due diligence, or a formal IRAP assessment.

WHAT THIS GETS YOU

Something you can show a customer — and stand behind.

Customers are increasingly asking SMBs to demonstrate their cyber security posture before contracts are signed. "We take security seriously" is no longer enough — they want a maturity level and evidence to back it up.

Axel configures your Essential Eight controls, collects the evidence from your environment, and produces a maturity report you can share with confidence. If a formal IRAP assessment is required, we prepare you for that too — and stay alongside you through it.

WHAT'S INCLUDED

Configured controls and documented evidence.

Control configuration

We configure the eight mitigation strategies in your Microsoft 365 environment — application control, patching, macro restrictions, MFA, and the rest — to your target maturity level.

  • Application control policy
  • Patch management for OS and applications
  • Microsoft Office macro restrictions
  • User application hardening
  • MFA enforcement across all accounts
  • Admin privilege restriction

Evidence collection and reporting

Evidence pulled directly from Microsoft Defender and Entra — not self-reported. We produce a maturity report per mitigation that is audit-ready and shareable in tender responses.

  • Maturity level 0–3 rating per mitigation
  • Evidence sourced from Defender and Entra logs
  • Gap report with specific remediation steps
  • Shareable executive summary for customer due diligence
  • Tender-ready maturity statement

Assessment support

If your customer or contract requires a formal IRAP assessment, we prepare your documentation pack and sit alongside you through the assessment — the same way we support DISP and ISO 9001.

  • IRAP assessment preparation
  • Assessor briefing and technical liaison
  • Finding response and remediation
  • Ongoing maturity monitoring after accreditation

THE PROCESS

From baseline to rated.

  1. Current state assessment

    We run a baseline read of your environment against the ACSC Essential Eight. You'll know within the first week where you currently sit and what it takes to reach your target maturity level.

  2. Control configuration

    We configure the required controls in your Microsoft 365 environment. Most businesses can reach Maturity Level 2 within two to three weeks from kickoff, depending on their starting point.

  3. Evidence collection and reporting

    We pull evidence from Defender and Entra, produce your maturity report, and package it for customer due diligence or formal assessment submission.

  4. We sit with you through the assessment

    If a formal IRAP assessment is required, we're in the room. We handle the technical questions, manage any findings, and stay available until the assessment is closed out.

A customer is asking about your cyber posture. Have an answer.

If you're responding to a tender or customer due diligence request that asks for your Essential Eight maturity, book a call. We'll tell you where you sit, what it takes to get rated, and what it costs.

30 minutes. No sales deck. We'll tell you whether we can help and what it would cost.
