North Ark

Security & Compliance — E8, M365, Apps

What you're buying: Certainty

Stop lying awake wondering if you're exposed.

Security & compliance certainty — Essential Eight, M365, app audits, and monitoring.

Customers ask about Essential Eight. Insurers ask about patching. You shipped fast with AI and dread the security questionnaire. Secure gives certainty — maturity snapshots, identity baselines, app audits, and monitoring designed for growing Australian businesses.

Essential Eight maturity reviews, M365 and identity baselines, AI app security audits, E8 remediation, patching baselines, and security monitoring — with plain language and prioritised fixes ranked by business risk.

David Goulding delivers this work directly — senior engineering, not a handoff team.

Assess · Harden · Monitor

Security & compliance in three layers

Essential Eight, Microsoft 365, application security, patching, and monitoring — not AI-app audits alone.

Assess

Fixed-fee, fast close

Know where you stand before you spend on the wrong fixes — Essential Eight, M365, app security, or combined health check.

  • Essential Eight QuickScan

    $4,000 · 7 days · Book FC-03

  • M365 & Identity Baseline

    $3,000 · 5 days · Book FC-04

  • App Security Audit

    $3,500 · 7 days · Book FC-05

  • Security & Compliance Health Check

    $5,000–$7,000 · 7–10 days

Harden

Remediation projects

Close the gaps — E8 controls, M365/Entra policies, app fixes, and patching baselines. Often delivered with Engineer or Ship.

  • E8 Remediation Sprint (Phase 1)

    $8,000 · 3 weeks · Book FC-12

  • M365 / Entra Hardening

    $5,000–$15,000 · 2–4 weeks

  • App Remediation Sprint

    $4,000–$12,000 · 1–3 weeks

Monitor

Ongoing certainty

Security monitoring baseline — logging, tuned alerts, monthly review. Not a 24/7 SOC; escalation playbook included.

  • Security Monitor Baseline

    $2,500/month · Ongoing · Book FC-22

  • Quarterly Re-assessment

    $1,500–$2,500 · Per quarter

North Ark does not sell 24/7 manned SOC services. We design monitoring, tune alerts, review monthly, and document escalation to your MSP or a North Ark incident project.

Want to see report quality first? Run a free automated scan or book App Security Audit (FC-05) for a customer-ready sample with expert walkthrough.

Is this you?

Problems we solve

  • A customer sent a security questionnaire and we have nothing credible to attach.
  • We don't know our Essential Eight maturity level.
  • M365 and remote access grew organically — too many admins, inconsistent MFA.
  • Patches are ad hoc and nobody reviews security alerts.
  • We shipped fast with AI tools and dread the 'is this secure?' conversation.
  • Pen test quotes feel like overkill — we need a practical fix list first.

What's included

  • Essential Eight maturity assessment and remediation roadmap
  • Microsoft 365 and identity baseline review
  • Web application security scan plus manual expert review
  • Patching and logging baseline recommendations
  • Security monitoring design (Defender, Sentinel, or equivalent)
  • Prioritised remediation report ranked by business risk
  • Optional remediation sprints and ongoing monitor retainer

What's not included

  • Formal penetration test certification or red-team engagement
  • SOC2 / ISO compliance attestation
  • 24/7 manned SOC with human analysts
  • Fixes without agreed remediation scope

Process

How we deliver

Assessments: 3–10 business days · Harden: 1–4 weeks · Monitor: ongoing retainer

  1. Assess

    E8, M365, app, or combined scope — fixed-fee assessments.

  2. Harden

    Remediation sprints for E8 controls, identity, apps, patching.

  3. Monitor

    Logging, alerts, monthly review, escalation playbook.

Before

  • Unknown E8 maturity and no artifact for customer diligence
  • Organic M365 with identity gaps
  • Alerts with nobody reviewing them

After

  • Documented maturity level and remediation order
  • Shareable summary for customers and insurers
  • Monitoring baseline with monthly review rhythm

Packages

Essential Eight QuickScan

Customer or insurer asking about security posture

Maturity snapshot + 90-day remediation order

$4,000

Book a Discovery Call

App Security Audit

AI-built or production web applications

Scan + manual review + walkthrough

$3,500–$7,000 per assessment


Security Monitor Baseline

Post-hardening ongoing visibility

Alerts, monthly review, escalation playbook

$2,500/month + setup


All prices in AUD. GST applies to Australian clients.

Proof

Related project work

ShipSecure

AI-built prototype to production — launch in three weeks

SaaS founder, pre-revenue

A founder had a working prototype built in Cursor — demo-ready but nowhere near production. Exposed API keys in repo, no CI/CD, Supabase RLS untested, and a launch date already promised to early customers.

  • Time to live: Production in 3 weeks from audit start
  • Security: Critical RLS and auth issues closed pre-launch
  • Enterprise pilot: Passed customer security questionnaire

Common questions

Is Essential Eight mandatory for us?
Not always legally — but enterprise customers, insurers, and boards increasingly expect alignment. QuickScan tells you where you stand without a six-figure consultancy.

Our MSP handles security.
MSPs handle BAU tickets and patching at a general level. E8 maturity reviews, app RLS audits, and monitoring architecture are senior project work — we complement your MSP.

Can I scan my app free first?
Yes — use the free scan at northark.ai/scan for an automated score. The paid audit adds manual review, business context, and a customer-shareable report.

Do you run 24/7 SOC?
No. We design monitoring, tune alerts, and review monthly. Your MSP or our Operate retainer handles escalation — not a manned SOC floor.
