About

Who we are

Blueprint is an information security, AI governance and business continuity consultancy based in Melbourne, Australia. We provide specialist advice on how to best protect your valuable business information and processes. We help you understand your key risks and develop effective mitigation strategies tailored to your business.

What makes Blueprint different

Independent Advice

At Blueprint we provide independent advice. We don’t promote or resell any products so there’s no hidden agenda.

We are experts

We’re highly experienced and accredited experts. We’ve been working in the security, resilience, governance and risk management sectors for decades, and are passionate about what we do.

Experience and Accreditation:

Blueprint Information Security has been operating for over 18 years.

We’ve worked with clients in a variety of different industries. Highlights include:

  • Assisting many organisations to achieve ISO 27001 certification and, more recently, ISO 42001 certification.
  • Developing information security policies for organisations ranging from a Big Four Australian bank to a small not-for-profit.
  • Developing business continuity and crisis management plans for a global health service provider and multiple Australian banks
  • Conducting crisis management excercises for executives and board members at financial services organisations, technology companies and not-for-profits
  • Assisting an international legal firm to implement controls in the Australian Government Information Security Manual and prepare for an IRAP assessment

We work with a variety of information security standards, guidelines and regulations. These include:

  • ISO/IEC 27001 (information security)
  • ISO/IEC 42001 (AI)
  • ISO 22301 (business continuity)
  • ISO/IEC 27701 (privacy)
  • Australian Government Information Security Manual (ISM)
  • Australian Prudential Regulation Authority (APRA) standards CPS 230 and CPS 234
  • NIST Cybersecurity Framework (CSF)
  • Right Fit For Risk (RFFR) Accreditation
  • Australian Privacy Act
  • Security of Critical Infrastructure Act (SOCI)

Our Managing Director

Jake Smith is an information security and risk management consultant with over twenty-five years of experience, both in Australia and Europe. Jake’s specialist skills and experience include:

  • ISO 27001 ISMS (Information Security Management System) consulting and auditing
  • ISO 42001 AIMS (AI Management System) consulting and auditing
  • IRAP and ISM consulting and assessments
  • Business continuity and crisis management
  • Information security strategy and policy development

Jake has consulted to a diverse range of clients in the finance, telecommunications, technology, government, legal, health, not-for-profit, manufacturing and utilities sectors. Coming from both an IT security and business management background, Jake has a unique insight into how technical controls can be aligned with business objectives.

Jake has worked with many Australian and international information security, business continuity and AI governance standards, including ISO 27001, 27701, 22301, 42001 and 31000, the Australian Government ISM, APRA CPS 230 and CPS 234, NIST Cyber Security Framework and PCI DSS.

Jake holds professional memberships with the Australian Information Security Association (AISA – Honorary Life Member), the Information Systems Audit & Control Association (ISACA), and (ISC)². He is also a member of the Standards Australia IT-012-04 Committee which helps develop the ISO/IEC 27000 range of standards. As a member of this Committee, Jake was involved in the development of the latest version of ISO/IEC 27001.

Jake’s qualifications include CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Security Controls), ISO 27001 Lead Auditor and ISO 42001 Lead Auditor. He has been an ASD (Australian Signals Directorate) certified IRAP assessor since 2015.