Book a gap assessment

Better platforms.
Cleaner compliance.
Ready to ship. Ready for audit.

We assess existing platforms against ASD Essential Eight and ISM controls, close compliance gaps, and build the evidence your assessor needs. Platform engineering, DevSecOps, and compliance for Australian government and enterprise.

Book a free discovery call → See our services
platform@lattice ~ e8-preflight
  1. 1 Scan Identify gaps
  2. 2 Apply E8 Kyverno policies
  3. 3 Rescan 100% compliant 
 
 
 
initialising
 
 
 
 
 
 
 
  
 
 
 // what we do 3 capabilities 
 
 
 
 § 01 
Platform Engineering
 
We design and harden secure platforms, giving your engineering teams a compliant path from code to production.
 Discuss your platform → 
 
 
 
Kubernetes platform
 
Production-grade multi-tenant cluster design with secure-by-default namespace policies.
 
 
GitOps pipelines
 
ArgoCD and Flux with multi-environment promotion, approval workflows, and audit trails.
 
 
Infrastructure as Code
 
Terraform / OpenTofu for reproducible, version-controlled infrastructure.
 
 
Developer experience
 
Internal developer portals, golden paths, and self-service tooling that accelerates delivery.
 
 
 
 
 § 02 
DevSecOps
 
Security integrated into your CI/CD pipelines. Automated gates catch issues before they reach production, without slowing your engineers down.
 Assess your pipeline → 
 
 
 
Secure CI/CD
 
Pipeline design with isolated build environments and ephemeral runners.
 
 
SAST & DAST
 
Static and dynamic analysis as pipeline gates, not afterthoughts.
 
 
Container security
 
Image scanning, admission enforcement, and supply chain security controls.
 
 
Secrets management
 
Workload identity, secret rotation automation, and cloud-native secrets management.
 
 
 
 
 § 03 
IRAP & Compliance
 
We close the gaps assessors look for, whether your platform was built for compliance or not. Evidence collection, control mapping, System Security Plan.
 Book a gap assessment → 
 
 
 
E8 implementation
 
All eight mitigation strategies at ML2, with evidence mapping for each control.
 
 
IRAP preparation
 
Gap analysis, pre-assessment remediation, System Security Plan, assessor liaison.
 
 
Sovereign architecture
 
Data and administrative control confined within Australian jurisdiction.
 
 
Compliance automation
 
Policy-as-code, automated evidence collection, and drift alerting.
 
 
 
 
 
 
  
 
 
 
 
// why us
 

Compliance is an
 architecture decision. 
 

Most teams don't find their compliance gaps until an assessor does. By then, the fixes are expensive and the remediation touches core architecture.

 

We meet platforms where they are. Whether we're assessing an existing cluster or designing a new one, ASD E8, ISM, and PSPF controls are part of the architecture from the first decision.

 Book a gap assessment → 
 
 
 01 
 
Australian-owned
 
Australian-owned, with no foreign parent. Data stays in Australia.
 
 
 02 
 
SME agility
 
Fast decisions, direct communication, and a team that understands the constraints of government procurement.
 
 
 03 
 
Deep compliance experience
 
We have implemented ASD ISM, PSPF, and DSPF controls on production government systems.
 
 
 
 
 
 
  
 
 
// get in touch
 
Stop retrofitting compliance.
 

If you have a compliance gap to close, are preparing for an IRAP assessment, or hardening a platform against ASD E8 and ISM controls, get in touch.

 
Book a free discovery call →