Not legal advice
SecurityPolicy.com.au is a research and template library, not a law firm, and nothing on this site, in a downloaded template, or in correspondence with us is legal advice. We do not review your specific facts, we do not form a lawyer-client or advisor-client relationship with you, and the guides are written to be generally applicable to businesses in Australia or New Zealand, not to your particular circumstances. If a decision carries real legal, financial or regulatory weight, have it reviewed by a qualified professional before you rely on it.
Not a guarantee of compliance
Completing a template, following a guide, or reading every article on this site does not guarantee compliance with ISO 27001, the Essential Eight, SMB1001, the NZISM, the Privacy Act 1988, the Privacy Act 2020, the Notifiable Data Breaches scheme, NCSC guidance, or any other law, framework or standard referenced here. Compliance depends on facts specific to your business — your industry, your contracts, the data you hold, the systems you run and how you actually operate — none of which we know when we write a general-purpose guide or template.
Jurisdiction: two separate libraries, not one
The Australian library is written to Australian law and Australian government guidance. The New Zealand library is written to New Zealand law and New Zealand government guidance. They are deliberately kept separate — an Australian template is not correct for a New Zealand business and the reverse is also true. Check the country badge on any guide or template before you rely on it, and use the library that matches where your business is actually registered and operating.
Currency: law and guidance change
Every guide carries a "Reviewed" date. Between review dates, the law, a regulator's guidance, or a framework's requirements can change without this site being updated immediately — recent examples include the CERT NZ to NCSC integration (July 2025) and periodic revisions to the Essential Eight maturity model and the ISO 27001 Annex A control set. Always check whether a guide's review date is recent relative to when you are relying on it, and check the source links for anything that looks like it may have moved on.
How the content is researched
Guides are built from a documented clean-room research method: sources are gathered per country, and every factual claim inside a guide is tagged either VERIFIED (directly supported by a named primary source, linked in the guide's sources appendix) or INFERRED (a reasonable reading where no single source states the point directly). This tagging is there so you can see the difference between "the regulator says this" and "we think this follows from what the regulator says" — it is not a substitute for reading the underlying source yourself. See the Australian methodology guide and the New Zealand methodology guide for the full method.
Third-party sources and links
Guides cite and link to government regulators, standards bodies and, occasionally, other public sources such as forum discussions used as context rather than authority. We do not control these external sites, cannot guarantee they remain accurate or online, and linking to a source is not an endorsement of everything else on that site. If a cited link has moved or the underlying guidance has changed, the guide's own text is what we stand behind, not the live state of a third-party page.
Using the templates
The free starter pack and any other downloadable templates are editable starting points, not finished policies. Every template has fields you must complete, decisions you must make for your own business, and sections you may need to delete or add to depending on what you actually do. A template is only as good as the accuracy of what you put into it and the review it gets from someone with authority to approve it inside your business.
No warranty
This site, its guides, its templates and the free starter pack are provided "as is" and "as available," without warranty of any kind, express or implied, including but not limited to warranties of accuracy, completeness, fitness for a particular purpose, or non-infringement. To the maximum extent permitted by law, we disclaim all such warranties.
Limitation of liability
To the maximum extent permitted by law, SecurityPolicy.com.au and the people who produce it are not liable for any loss or damage arising from your use of, or reliance on, this site, its guides, or its templates — including any failure to comply with a law, framework or standard, any regulatory action, any security incident, or any business loss. Nothing in this disclaimer excludes or limits liability that cannot lawfully be excluded or limited under the Australian Consumer Law, the New Zealand Consumer Guarantees Act, or equivalent law that applies to you.
Changes to this disclaimer
We may update this page as the site, the templates, or the law changes. The version that applies is the one published at the time you use the site.