RegScale Announces Support for the Australian Information Security Manual (ISM)

February 19, 2023 | By J. Travis Howerton

The Australian Cyber Security Centre (ACSC) produces the Information Security Manual (ISM). The purpose of the ISM is to outline a cyber security framework that organizations can apply, using their risk management framework, to protect their systems and data from cyber threats. The ISM is intended for Chief Information Security Officers, Chief Information Officers, cyber security professionals, and information technology managers. In addition, the ACSC provides machine-readable versions of the ISM in OSCAL which RegScale was able to programmatically consume to provide rapid support and integration within our platform.

At RegScale, we give Australian organizations easy and free tools to get started with building a fully compliant ISM program with support for tracking policies, related assessments, evidence collection, issues management/performance improvement, and other related workflows. As of February 19, 2023, RegScale has announced that we officially support the AU ISM as a catalog within our platform with automated tools/wizards for building compliant cyber security programs.

Schedule a free demo today to learn how RegScale can help you continuously meet your AU ISM requirements. If you are ready to start automating your compliance processes for creating and managing ISM requirements, this demo will also show how you can leverage RegScale to deliver continuous compliance. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust ISM compliance artifacts that will help you pass audits and reduce your risk with ease. With RegScale, our customers get software with a service to provide a concierge like experience for reducing risk related to their Australian information systems.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.