BlueStone Tech
Productised offer · $7,500 fixed · money-back

Essential 8 for Melbourne small business — done in 90 days.

We don't sell another audit. We get you to Maturity Level 1, fixed fee, money-back if we miss. Then we hand your broker an evidence pack they recognise.

$7,500

fixed fee · GST inc.

90 days

kickoff to ML1 sign-off

100%

refund if we miss

[Chart: current maturity (ML 0.7) against the ASD ML1 target (ML1 by 14 Jun) across the eight controls: Patch apps, Patch OS, MFA, Admin privileges, Macro settings, App control, Backups, User hardening]

The eight controls · plain English

What "Essential 8" actually means.

01

Application control

Stop laptops running software your team didn't install.

Block unsigned EXEs and stop random tools running. Enforced via Defender / UEMS AppLocker policy.

02

Patch applications

Apply browser, Office, Adobe and Java patches within 48h.

Auto-deploy 3rd-party patches with rollback. We track CVE-to-deployed-patch latency for the evidence pack.

03

Configure MS Office macros

Block Excel macros from the internet. They're how ransomware lands.

Office trust-centre policy, signed macros only, blocked from downloaded files.

04

User application hardening

Turn off Flash, Java, ad networks. Limit browsers from running risky stuff.

Browser hardening baseline, ASR rules, removal of unused legacy components.

05

Restrict admin privileges

Day-to-day work runs without admin rights. Even for IT.

Just-in-time elevation via Entra PIM, named admin accounts, quarterly review.

06

Patch operating systems

Windows + macOS patched within 14 days of release. No more "we'll do it tomorrow".

Automated patch ring (pilot → production), unattended OOB patches, monthly compliance report.

07

Multi-factor authentication

Phone-confirm for every login. No exceptions for the principal.

Conditional access, phishing-resistant MFA where supported, FIDO2 for privileged accounts.

08

Regular backups

Tested restores on a published schedule. Yes, including the M365 mailbox.

3-2-1, immutable, quarterly restore test with written sign-off. RPO ≤24h, RTO ≤4h.

The 90-day plan

Week-by-week. No surprises.

  1. Discovery & evidence base

    Read-only audit of M365 tenant, endpoint estate, network. Maturity scored against ASD's ISM. Baseline report delivered.

  2. Patching, MFA & backup

    Automated 3rd-party patching deployed. MFA hard-rolled for all users. M365 + endpoint backup configured and tested.

  3. Hardening & macros

    Application hardening baseline, ASR rules, Office macro policy. User comms + 30-min training session.

  4. Privileges & application control

    Just-in-time admin elevation, AppLocker pilot, refinement based on real workload. Most users now run without admin.

  5. Evidence pack & sign-off

    Maturity re-scored. Insurance-ready evidence pack delivered (matrices, screenshots, attestations). Leadership readout.

Insurer FAQ

What your broker wants to know.

My broker just sent me an Essential 8 attestation form. What do I do?
Forward it to us. We'll fill it accurately and provide the underlying evidence. Most brokers accept the BlueStone Cyber Insurance Renewal Pack as-is.
Do you guarantee we'll pass an insurer audit?
We guarantee ML1 maturity per ASD's published criteria. Insurer audits ask broader questions — we equip you to answer every question with documented evidence.
Can the $7,500 be invoiced post-renewal?
Yes. Most clients run the 90-day uplift in the 4–6 month window before renewal. We can structure invoicing in three milestones to match cash flow.
What if you don't reach ML1?
Full refund of the $7,500 — and we publish the gap report so you can take it to another provider. We've never had to refund (yet) but the guarantee is real, in writing.
What about ML2 or ML3?
Almost no SMB needs ML2 or ML3. ML1 is what insurers ask for and what regulators reference.
Does this work for businesses on Google Workspace?
Yes — though the ASD's controls map most cleanly onto a Microsoft tenant. We support Google Workspace and will be honest if a Microsoft migration would shorten the path.
Same-business-day email reply · no sales calls

Want a quote for Essential 8 in 90 days? It takes 2 minutes.

We'll email back with a tailored proposal — no calls, no follow-ups you didn't ask for.