February update: New plans, new frameworks!

Sydekick

Jester

February 26, 2026

5 min read

Overview

This release introduces a refreshed plan lineup, upgraded Sydekick frameworks across all tiers, and two new industry-standard compliance frameworks. Clients now have clearer options at every stage of their security journey — from small teams getting started through to organisations with mature compliance requirements.

Available now! Sign up to get started.

New Lite plan

An entry-level plan designed for micro to small teams taking their first steps in cybersecurity, with a focus on scam and fraud prevention.

What's included:

  • Up to 5 users
  • Security program built on the Sydekick Level One framework
  • 8 security domains:
    • Asset management
    • Access control
    • Scam protection
    • Data protection
    • Email security
    • Cloud security
    • Network security
    • Monitoring
  • ~30 guided security tasks with clear next steps
  • Basic policy templates (Lite policy pack)
  • 4 runbooks:
    • New hire onboarding
    • Incident response
    • Employee offboarding
    • Social media account takeover response
  • 6 repeating schedules:
    • Monthly updates
    • Quarterly access reviews
    • Backup testing
    • Awareness sessions
    • Social media security checks
  • Stage-based progression across 7 stages with badge rewards

Best suited for

Micro to Small businesses and teams needing a structured, approachable cybersecurity starting point in plain english and without the complexity of full compliance programs.

---

Starter renamed to Core

The former “Starter” plan is now Core, with expanded content and capabilities. Best suited for organisations starting a program of cyber resilience to meet insurance, supply chain or regulatory requirements. 

What's included:

  • Up to 20 users
  • Security and Privacy programs
  • Sydekick Level Two framework:
    • 9 security domains (all Lite domains + Security governance)
    • ~65 guided tasks
  • All policy templates:
    • Security
    • Privacy
    • Privacy Statement
    • Responsible AI
  • 11 runbooks (4 security + 7 privacy), including:
    • Manage a privacy breach
    • Carry out a PIA
    • Respond to individual rights requests
  • 5 record templates:
    • Systems with admin access
    • IT asset register
    • Key contacts and responsibilities
    • Third-party service providers
    • Personal information inventory
  • Stage-based progression across 12 stages
  • Privacy framework included

What's new

  • Expanded Level Two task coverage with formal policies and structured processes
  • New Security governance domain
  • Core-level maturity assessment
  • Visual stage-based progression tracking

---

Upgraded Pro plan

Pro now includes two industry-standard compliance frameworks alongside Sydekick Level Three. Built for businesses that must demonstrate certification of global frameworks but don't have the budgets or the resources for the enterprise offerings.

What's included

  • Up to 100 users
  • Security, Privacy, and Application Security programs
  • Sydekick Level Three framework (new):
    • 9 security domains
    • 100+ guided tasks
  • NIST CSF v2.0
  • CIS Controls v8
  • All policy templates
  • 11 runbooks
  • 10 record templates, including:
    • Data classification register
    • Backup and recovery register
    • Security training log
    • Incident and breach log
    • Privacy impact assessment register
  • Stage-based progression across 19 stages
  • Advanced integrations:
    • Slack
    • Microsoft Teams
    • Jira
  • Dedicated support and custom onboarding

What's new

  • NIST CSF v2.0 and CIS Controls v8 available as trackable frameworks
  • Expanded enterprise-grade Level Three tasks
  • Pro-level maturity assessment domains
  • Additional compliance tracking templates

---

New Framework - NIST CSF v2.0

Available on the Pro plan.

The NIST Cybersecurity Framework v2.0 provides a high-level structure for assessing, prioritising, and communicating cybersecurity outcomes.

Structure

  • Govern (GV) — Risk strategy and oversight
  • Identify (ID) — Assets, risks, vulnerabilities
  • Protect (PR) — Safeguards and controls
  • Detect (DE) — Threat and anomaly detection
  • Respond (RS) — Incident response actions
  • Recover (RC) — Restoration and resilience

Details

  • 22 domains mapped to Sydekick tasks
  • Stage-based progression across 22 stages
  • Progress contributes to overall Sydekick posture

---

New Framework: CIS Controls v8

Available on the Pro plan.

The CIS Critical Security Controls provide a prioritised defence-in-depth model.

18 Controls

  1. Enterprise asset inventory
  2. Software asset inventory
  3. Data protection
  4. Secure configuration
  5. Account management
  6. Access control management
  7. Continuous vulnerability management
  8. Audit log management
  9. Email and browser protections
  10. Malware defenses
  11. Data recovery
  12. Network infrastructure management
  13. Network monitoring and defense
  14. Security awareness training
  15. Service provider management
  16. Application security
  17. Incident response management
  18. Penetration testing

Details

  • Stage-based progression across 21 stages
  • Controls mapped to Sydekick tasks
  • Covers hygiene through advanced testing

---

All plans are Available now! Sign up to get started.

Related 🚀

Unbeatable cyber resilience 🦹

Winner of 2021 iSANZ Best Startup

"We wanted a solution that was fit for purpose, reflecting our age and stage, while delivering the outcomes we wanted for our customers and people. After looking at what was available, Sydekick stood out as serving this purpose perfectly."

Kendall Flutey

Founder & CEO

Cyber resilience, made doable 🦸

Resources
BlogPodcastPartner ProgramMediaSupport
© All rights reserved. 2025 Sydekick Ltd. | Terms of Service | Privacy Policy