01 Run

We become your IT department and own the day-to-day.

›Managed IT Your whole environment, owned ›Managed Devices Endpoints, patched & tracked ›Microsoft 365 The workplace, managed ›Cloud & Azure Networks, Wi-Fi, voice

02 Protect

Security operations you can verify, and show.

›24-Hour CyberSOC Security ops that don't clock off ›Compliance Reviews Aligned to Essential 8 & ISO ›Backup & Recovery Provably restorable ›Identity & Email MFA enforced, threats stopped

03 Improve

Honest strategy and predictable budgets.

›IT Advisory & vCIO Honest, predictable plans ›AI & Copilot Where it genuinely helps ›Compliance & Governance Audit-ready evidence ›Projects & Consulting Build what you can't buy

Belton · Run / Protect / ImproveView all services ›

Professional Services

Firms that run on trust, time and confidential data.

›Accounting Ledgers & client data ›Legal Privilege & matter files ›Business Advisory Plans & reporting ›Mortgage & Finance Loan files & AML/CFT ›Insurance Claims & client records ›Insurance Brokers Cover & premiums

Built & Made

Site, studio and floor, where uptime is the product.

›Construction Sites & project files ›Architecture Drawings & large models ›Quantity Surveyors Cost data & big files ›Manufacturing Floor & ERP uptime ›Healthcare Patient data & privacy

Trade & Technology

Fast-moving operations that can't carry downtime.

›Logistics Fleet, orders & tracking ›Retail & Wholesale POS & storefronts ›Technology Cloud-native teams ›Distribution Inventory & systems

Belton · Sector-specialised IT & securityAll industries ›

Guides & Frameworks

Plain-English playbooks for the controls that matter.

›Essential Eight ASD's eight, explained ›DIY Cybersecurity Lock down the basics ›Cyber Standards Guide ISO, SMB1001 & more ›M365 Selection Guide Pick the right licences

Tools & Assessments

Self-serve checks that map where you stand.

›Security Assessment Score your posture ›Network Assessment Find the weak spots ›M365 Security Checklist Find the gaps ›Cyber Insurance Readiness Be claim-ready

Reading & Learning

Get more from the tools you already pay for.

›SME Tech Outlook 2026 Where NZ tech heads next ›Copilot Learning Hands-on with Copilot ›FAQ Straight answers ›CEO's Blog Plain-English views

Belton · Knowledge, not gatekeepingResource library ›

The Firm

A senior team with the skills and scale for any project.

›About Belton Who we are, plainly ›How We Work Our delivery process ›Who We Work With The fit we look for ›Leadership Jason & Amy Agnew + team

Proof & Partners

The evidence behind the claims, and ways to build with us.

›Case Studies Real outcomes, named ›Accreditations The proof behind the practice ›Industries Sector-specialised ›White-label / Partners Our bench, your brand

Connect

Real people, fast, no ticket-queue runaround.

›Contact Us Talk to a human, today ›Book a Session A 90-minute discovery ›Find Us Newmarket, Auckland ›Remote Support Get help now

Belton IT Nexus · Est. 2004 · Newmarket, AucklandAbout us ›

Home/ Resources/ Security Assessment

Know where you stand.

A thorough review of your security posture. Honest findings. Practical recommendations. No jargon, no unnecessary alarm, just a clear picture of your real risks.

7review areas Read-onlyremote access Noobligation to engage Yoursthe report, regardless

Check yourself, right now

The 10-question self-assessment.

2 minutes · honest answers

Ten questions, the same ones we open every engagement with. Answer honestly, nothing leaves your browser, and you'll get your score and the gaps to close first.

Most businesses know they should care about security. Few know exactly where their vulnerabilities lie. Generic advice only goes so far. You need someone to look at your specific environment, your actual configurations, your real risks.

Our security assessment does exactly that. We examine your systems, review your policies, and test your defences. You receive a clear picture of your current state and a prioritised list of improvements. No jargon. No unnecessary alarm. Just honest findings and practical recommendations.

Better to discover vulnerabilities through a controlled assessment than through a breach.

A comprehensive examination

§01

What we review

Seven areas that matter

⚿

01 / Identity

Identity & access

Who has access to what, how accounts are created and removed. We verify password policies, MFA coverage, and privileged access controls.

✉

02 / Email

Email security

Your most likely attack vector. We review spam filtering, phishing and impersonation defences, and check SPF, DKIM and DMARC configuration.

▤

03 / Endpoints

Endpoint protection

Are your devices adequately protected? We examine antivirus coverage, EDR deployment, and patch status, and verify tools are actually working.

☁

04 / Cloud

Cloud environments

Microsoft 365, Azure, AWS. We review access controls and security settings against best practices and common misconfigurations attackers exploit.

⚛

05 / Network

Network security

Firewall rules, segmentation, and VPN configuration. We look at how traffic flows, what is exposed externally, and how a breach would be contained.

♻

06 / Data

Data protection

Where your sensitive data lives, who can access it, and how it is protected in transit and at rest. We assess backups, classification, and recovery.

◉

07 / People

Security awareness

Technology alone cannot protect you. We assess your security policies, training programs, and incident response. Human factors often decide the outcome.

How the assessment works

§02

The process

Nothing assumed, everything verified

Scope

A scoping conversation to understand your business, your concerns, and your environment, so we examine what matters most to you.

Collect

We gather documentation, configuration exports, and system information, mostly remotely with temporary read-only access to your systems.

Analyse

We review configurations, test controls, and identify vulnerabilities, examining each area systematically against established security frameworks.

Report

We document findings, assess risk levels, and walk you through the results, so you leave with a clear roadmap for improvement.

What you receive

§03

Tangible outputs you can act on

The deliverables

An executive summary gives leadership a high-level overview with key findings, risk ratings, and recommended priorities. The technical report provides detailed findings with evidence, risk assessments, and specific remediation guidance for each issue identified.

We also provide a prioritised roadmap, a recommended sequence of improvements based on risk, cost, and operational impact. Finally, we conduct an interactive presentation session with your team, walking through findings and providing context. No obligation to engage further. The report is yours regardless.

Included in every assessment

Executive summary for leadership
Technical report with evidence
Risk ratings and prioritisation
Specific remediation guidance
Prioritised improvement roadmap
Interactive presentation session

Discover your risks
before a breach does.

Tell us about your organisation and we'll be in touch to discuss scope and timing. We have assessed organisations across New Zealand, manufacturing, professional services, healthcare, and technology. Each environment is different. The rigour we apply is consistent.

Book your assessment ›Talk to a human ›

Sovereign by design

New Zealand owned and operated.

Sovereign data centres across New Zealand and Australia, with your data kept onshore wherever it's required. Our team understands New Zealand, and our leaders have built, scaled and secured businesses right across the New Zealand landscape.

Sovereign data centres · New Zealand & Australia

Auckland
Christchurch
Sydney
Melbourne
Brisbane
Perth

International data-centre operations

Singapore
Germany
Netherlands
USA

Servers available in minutes, not days.

Explore data centres & hosting →

Accredited partners

Fortinet Partner Lenovo Partner HP Partner Apple Business Manager