BoardSentry

For Australian company directors

Govern the risks that now carry your name on them.

Cyber security and AI failures are no longer technology problems. They are personal accountability problems for the directors who oversee them. BoardSentry measures your readiness, shows you exactly where you stand, and gives you a plan that holds up in the boardroom.

Begin your assessmentSee how it works

Confidential by design. Built for the boardroom, not the server room.

Your readiness profile

Illustration
64Overall

Cyber Security

82

AI Governance

54

Directors' Duties

71

Regulatory and Compliance

47

Maturity level

DevelopingEstablished

Priority actions

5 identified

Grounded in named Australian sources

  • Corporations Act s180
  • ASIC v RI Advice
  • APRA CPS 234
  • Privacy Act 1988
  • SOCI Act
  • AICD Cyber Principles

The exposure is personal

Regulators have stopped asking whether boards understand cyber and AI. They have started asking which directors do not.

In ASIC v RI Advice, the Federal Court confirmed that inadequate cyber risk management can breach a licensee's statutory obligations. ASIC's chair has told directors, publicly and repeatedly, to become fluent in the language of cyber resilience. Privacy penalties have been raised dramatically. AI obligations are forming along the same path.

None of this requires you to become a technologist. It requires you to ask the right questions, recognise incomplete answers, and evidence that you did. That is a learnable, measurable discipline. BoardSentry exists to measure it and to close the gaps it finds.

4

governance domains assessed

48

board-level questions

5

maturity levels mapped

The four domains

Four domains of board accountability. One readiness picture.

Modern governance failures rarely sit neatly in one box. BoardSentry assesses your readiness across the four areas where directors are most exposed, and scores each one independently.

01

Cyber Security

Your personal accountability for the organisation's cyber resilience, incident readiness, and oversight of management's controls. The courts have already tested this ground.

  • ASIC v RI Advice
  • Essential Eight
  • APRA CPS 234

02

AI Governance

Emerging board duties around the responsible adoption, oversight, and risk management of artificial intelligence across the business, before the rules harden around you.

  • AI use inventory
  • Board-approved AI policy
  • Human oversight

03

Directors' Duties and Personal Liability

Where the Corporations Act places personal obligations on you, and where the line of personal exposure genuinely sits. Care, diligence, and the business judgement rule.

  • Corporations Act s180
  • D&O insurance
  • Business judgement rule

04

Australian Regulatory and Compliance

The local regulatory landscape, from APRA and ASIC expectations to privacy reform and critical infrastructure obligations, framed for the boardroom rather than the legal team.

  • Privacy Act reform
  • Notifiable Data Breaches
  • SOCI Act

How it works

A serious assessment, without the consulting engagement.

01

Create your account

Sign up in under a minute. Your workspace is private to you, and your results are never visible to anyone else without your knowledge.

02

Complete the readiness assessment

Forty eight questions across the four governance domains, written for directors rather than technologists. Around twenty five minutes, resumable at any point.

03

Act on your personal plan

A scored readiness profile with clear risk flags, a maturity level per domain, and a prioritised set of recommended actions. A certificate recognises strong results.

The maturity model

A scoreline tells you where you are. A maturity model tells you what to do next.

Every domain result maps to one of five maturity levels, each with a concrete, measurable definition of what good looks like and the specific next steps that move you up a level. No vague encouragement. A ladder.

Initial

Developing

Established

Embedded

Leading

01 Initial. Governance of cyber and AI is informal and reactive.

02 Developing. Foundations exist but coverage is uneven and untested.

03 Established. Core obligations are met, evidenced, and reviewed.

04 Embedded. Oversight is routine, measured, and board-led.

05 Leading. The board sets the standard others benchmark against.

Beyond the individual

Built for one director. Designed for the whole board.

Board pack mode

One board. One picture of readiness.

Chairs invite their directors, every member completes the assessment privately, and the board sees an anonymised aggregate: domain scores, score distribution, shared weak spots, and a readiness traffic light. Individual results stay individual. That is a design guarantee, not a setting.

  • Anonymised aggregate dashboard
  • Benchmarks against comparable boards
  • Workshop pack for facilitated sessions
  • Informed consent captured before every assessment

The year-round loop

From a workshop to an operating rhythm.

Advisory boards turn assessment results into a tracked action register, re-assess quarterly to evidence progress, and build an evidence repository mapped to named Australian obligations. When a regulator, auditor, or insurer asks, the answer is a pack, not a scramble.

  • Action register with append-only audit history
  • Quarterly re-assessment and trend reporting
  • Evidence mapped to 40 curated obligations
  • Boardroom presentation mode for meetings

Pricing

Priced for directors. Scaled for boards.

Pricing is indicative while we finalise launch plans. Final pricing will be confirmed before you are ever asked to pay.

Start here

Director

For individual directors and executives

Indicative

Final pricing confirmed before you are ever asked to pay

  • Full 48 question readiness assessment
  • Personalised action plan with risk flags
  • Maturity level across all four domains
  • Digital certificate for strong results
  • Annual reassessment with progress tracking
Begin your assessment

Board

For chairs bringing their whole board

On application

Facilitated onboarding for the full board

  • Everything in Director, for every member
  • Anonymised board-level readiness view
  • Benchmark against comparable boards
  • Workshop pack for facilitated sessions
  • Director privacy protected by design
Talk to us

Advisory

For boards on a year-round governance loop

On application

The full governance operating rhythm

  • Everything in Board
  • Action register with full audit history
  • Quarterly re-assessment and trend reporting
  • Evidence repository mapped to obligations
  • Boardroom presentation mode
Talk to us

Questions

Asked by careful directors. Answered plainly.

Who can see my results?

By default, only you. If you join a board assessment, your individual results remain yours: the chair and any facilitator see anonymised aggregates only, unless you are clearly told otherwise before you begin. Consent is captured before any organisation board assessment starts.

How long does the assessment take?

Around twenty five minutes. It is resumable, so you can answer a few questions between meetings and pick up where you left off on any device.

Is this legal advice?

No. BoardSentry is governance education and readiness tooling, grounded in named Australian regulatory sources. It helps you understand your obligations and ask sharper questions of management, your CISO, and your legal counsel.

Do I need a technical background?

No. Every question and every explanation is written in plain English for an intelligent, busy executive who has never worked in IT. No acronym appears without an explanation.

What happens to my data?

Your data is held in Australia, protected by row level security at the database layer, and never shared across boards. Boards can export their complete data at any time.

Understand your exposure while it is still your decision to make.

Twenty five minutes. Four domains. One clear, private picture of where you stand and what to do about it.

Begin your assessment