Fiji adopts first Pacific managed security mapped to ASD ISM

Borderless CS is now providing Fiji with the Pacific region's first managed security service mapped directly to the updated Australian Signals Directorate (ASD) Information Security Manual (ISM).

The company has updated its cybersecurity framework in alignment with the June 2025 revision of the ASD's ISM, which sets technical and governance requirements for organisations in Australia and is increasingly seen as a regional benchmark. Fiji-based businesses, ranging from public sector agencies to small and medium-sized enterprises, now have local access to a service catalogue designed to meet both regulatory and insurance standards using this model.

Revised standards

The ASD ISM revision has increased governance demands, tightened supply chain checks, and emphasised zero-trust architecture - all of which are reflected in Borderless CS's approach. The firm's Founder and Chief Executive Officer, Jayaprakash (JP), stated, "The refreshed ISM isn't just more technical; it's more demanding - especially around governance, supply chain checks, and zero-trust architecture. We took that challenge and built a framework that our clients can actually use."

Borderless CS's offering is structured according to the ISM's foundational pillars: Govern, Identify, Protect, Detect, and Respond. Services include fractional Chief Information Security Officer (CISO) leadership, secure cloud migration for platforms such as Microsoft 365 and AWS, 24/7 insider threat monitoring with a fully localised security operations centre, tactical simulation exercises, and incident response with guaranteed, rapid involvement from local forensic experts.

Supply chain risk

Recent updates to the ASD ISM highlight the need to manage third-party risk. ISM directives such as ISM 1452 and ISM 1567 require organisations to rigorously assess and, where necessary, exclude high-risk suppliers. Borderless CS now includes detailed supply chain audits as part of every new client engagement, examining external vendors and third-party software for hidden vulnerabilities.

"The MOVEit and SolarWinds breaches showed us that one weak link can infect the entire economy. We don't wait for a problem to show up - we block it at the source," said JP.

Beyond technical controls, the revised ISM places focus on workforce skills and training. In response, Borderless CS has expanded its internal academy to offer paid internships for university students and micro-credentialing for client staff, addressing a known gap in local cybersecurity capability.

Tangible outcomes

Early client feedback has centred on measurable results. Nonprofit organisation CyberYouth Australia, active in both Fiji and Australia, reported significant improvements in risk posture after adopting the Borderless CS framework.

"They didn't just talk compliance - they made it happen," said Simon Peter, Chief Information Officer of CyberYouth Australia.

The organisation saw a 92% reduction in critical vulnerabilities in its environment within three months, reached Essential Eight Maturity Level 2, and negotiated a 10% saving on its cyber insurance premium.

Looking forward

Borderless CS is currently testing an AI-supported dashboard designed to provide leadership teams with a consolidated view of cyber readiness. The dashboard integrates system monitoring, staff training progress, and threat detection into a summary view that aims to streamline executive decision-making without requiring long technical reports.

The company maintains that as Fiji's digital infrastructure develops, maintaining up-to-date cybersecurity practices will become increasingly critical. JP said, "Cybersecurity shouldn't be a burden. It should be your edge in the market. And it starts by aligning to the ISM - today."