Let’s get your team trained and using Microsoft Copilot and moving your business forward. Click here to book 09 974 2379Client PortalRemote Support
Belton IT Nexus
NZ AU
Contact us
01 Run

We become your IT department and own the day-to-day.

Managed IT Your whole environment, owned Managed Devices Endpoints, patched & tracked Microsoft 365 The workplace, managed Cloud & Azure Networks, Wi-Fi, voice
02 Protect

Security operations you can verify, and show.

24-Hour CyberSOC Security ops that don't clock off Compliance Reviews Aligned to Essential 8 & ISO Backup & Recovery Provably restorable Identity & Email MFA enforced, threats stopped
03 Improve

Honest strategy and predictable budgets.

IT Advisory & vCIO Honest, predictable plans AI & Copilot Where it genuinely helps Compliance & Governance Audit-ready evidence Projects & Consulting Build what you can't buy
Belton · Run / Protect / ImproveView all services ›
Professional Services

Firms that run on trust, time and confidential data.

Accounting Ledgers & client data Legal Privilege & matter files Business Advisory Plans & reporting Mortgage & Finance Loan files & AML/CFT Insurance Claims & client records Insurance Brokers Cover & premiums
Built & Made

Site, studio and floor, where uptime is the product.

Construction Sites & project files Architecture Drawings & large models Quantity Surveyors Cost data & big files Manufacturing Floor & ERP uptime Healthcare Patient data & privacy
Trade & Technology

Fast-moving operations that can't carry downtime.

Logistics Fleet, orders & tracking Retail & Wholesale POS & storefronts Technology Cloud-native teams Distribution Inventory & systems
Belton · Sector-specialised IT & securityAll industries ›
Guides & Frameworks

Plain-English playbooks for the controls that matter.

Essential Eight ASD's eight, explained DIY Cybersecurity Lock down the basics Cyber Standards Guide ISO, SMB1001 & more M365 Selection Guide Pick the right licences
Tools & Assessments

Self-serve checks that map where you stand.

Security Assessment Score your posture Network Assessment Find the weak spots M365 Security Checklist Find the gaps Cyber Insurance Readiness Be claim-ready
Reading & Learning

Get more from the tools you already pay for.

SME Tech Outlook 2026 Where NZ tech heads next Copilot Learning Hands-on with Copilot FAQ Straight answers CEO's Blog Plain-English views
Belton · Knowledge, not gatekeepingResource library ›
The Firm

A senior team with the skills and scale for any project.

About Belton Who we are, plainly How We Work Our delivery process Who We Work With The fit we look for Leadership Jason & Amy Agnew + team
Proof & Partners

The evidence behind the claims, and ways to build with us.

Case Studies Real outcomes, named Accreditations The proof behind the practice Industries Sector-specialised White-label / Partners Our bench, your brand
Connect

Real people, fast, no ticket-queue runaround.

Contact Us Talk to a human, today Book a Session A 90-minute discovery Find Us Newmarket, Auckland Remote Support Get help now
Belton IT Nexus · Est. 2004 · Newmarket, AucklandAbout us ›
Home/Company/Compliance Statement

Compliance & Security Statement.

For due diligence, procurement and insurer questionnaires: how Belton runs its own house. View it here, or take the PDF.

Belton IT Nexus Limited · Compliance & Security StatementVersion 1.0 · June 2026

1. Who we are

Belton IT Nexus Limited is a privately held, New Zealand-owned and operated managed IT, cyber security and AI services firm, founded in 2004 and headquartered at Level 3, 101 Carlton Gore Road, Newmarket, Auckland. We serve 469 organisations across New Zealand and Australia with a 40-strong in-house team.

2. Standards alignment

Belton's controls and client deliveries are aligned to ISO/IEC 27001 principles and mapped to the ACSC Essential Eight. We state this precisely: alignment and mapping, with evidence, not certification. Client environments are configured, documented and reviewed against these frameworks, and the supporting evidence is maintained in our client platform so it can be produced for boards, insurers, auditors and enterprise procurement.

3. Vendor and platform assurance

We run client workloads only on independently audited platforms. The vendor stack behind our delivery holds certifications including SOC 2 Type II, ISO/IEC 27001/27017/27018/27701, FedRAMP, IRAP, Common Criteria and FIPS 140-2 validation, held at the vendor level and documented per platform on our accreditations page. Vendors that cannot evidence their controls do not run our clients' environments.

4. Data residency and sovereignty

Client data residency is determined per workload and documented. Where data must remain onshore, we operate sovereign data-centre capacity in Auckland and Christchurch (New Zealand) and Sydney, Melbourne, Brisbane and Perth (Australia), with international data-centre operations in Singapore, Germany, the Netherlands and the USA where reach is required.

5. Security operations

  • 24/7 security operations capability through our global SOC partner network.
  • Managed endpoint detection and response (EDR) across client fleets.
  • Multi-factor authentication and conditional access enforced as default posture.
  • Email security beyond platform defaults, tuned for phishing and payment-redirection fraud.
  • Encrypted backups with scheduled, tested restores and agreed recovery objectives.

6. Privacy

We handle personal information in accordance with the New Zealand Privacy Act 2020 and, for Australian clients, the Privacy Act 1988 (Cth) including the Australian Privacy Principles and the Notifiable Data Breaches scheme. We do not publish client names or identifiable client details; references are available on request with client consent.

7. People and process

Clients are served by named pods with a dedicated account manager, backed by specialist cyber and operations teams. Access to client systems follows least-privilege principles with MFA enforced. Our delivery process (Discover, Map, Protect, Improve) produces documented environments: no tribal knowledge, no black box.

8. Incident response

We maintain incident response procedures covering detection, containment, client notification, recovery and post-incident review. Critical incidents carry a 15-minute response target in business hours, with 24/7 emergency cover on extended agreements (standard support Mon–Fri 8:30am–5:00pm, extended 6:30am–11:00pm NZT).

9. Transparency

Clients receive live visibility of their environment, controls and compliance posture through the Belton Client Portal, the same picture our team works from. Recommendations carry written reasoning; renewals are never silent; product margin is fair and disclosed as our model.

10. Verification

Specific control detail, vendor certificates and client-environment evidence are available under NDA for genuine due diligence. Contact [email protected] or +64 9 974 2379.

Issued June 2026 · supersedes earlier statements · reviewed annually or on material change

Download the PDF See the accreditations
NEW ZEALAND OWNED & OPERATED EST. 2004
Sovereign by design

New Zealand owned and operated.

Sovereign data centres across New Zealand and Australia, with your data kept onshore wherever it's required. Our team understands New Zealand, and our leaders have built, scaled and secured businesses right across the New Zealand landscape.

Sovereign data centres · New Zealand & Australia
  • Auckland
  • Christchurch
  • Sydney
  • Melbourne
  • Brisbane
  • Perth
International data-centre operations
  • Singapore
  • Germany
  • Netherlands
  • USA

Servers available in minutes, not days.

Explore data centres & hosting →
Accredited partners
Microsoft Solutions Partner Fortinet Partner Lenovo Partner HP Partner Apple Business Manager