01 Run

We become your IT department and own the day-to-day.

›Managed IT Your whole environment, owned ›Managed Devices Endpoints, patched & tracked ›Microsoft 365 The workplace, managed ›Cloud & Azure Networks, Wi-Fi, voice

02 Protect

Security operations you can verify, and show.

›24-Hour CyberSOC Security ops that don't clock off ›Compliance Reviews Aligned to Essential 8 & ISO ›Backup & Recovery Provably restorable ›Identity & Email MFA enforced, threats stopped

03 Improve

Honest strategy and predictable budgets.

›IT Advisory & vCIO Honest, predictable plans ›AI & Copilot Where it genuinely helps ›Compliance & Governance Audit-ready evidence ›Projects & Consulting Build what you can't buy

Belton · Run / Protect / ImproveView all services ›

Professional Services

Firms that run on trust, time and confidential data.

›Accounting Ledgers & client data ›Legal Privilege & matter files ›Business Advisory Plans & reporting ›Mortgage & Finance Loan files & AML/CFT ›Insurance Claims & client records ›Insurance Brokers Cover & premiums

Built & Made

Site, studio and floor, where uptime is the product.

›Construction Sites & project files ›Architecture Drawings & large models ›Quantity Surveyors Cost data & big files ›Manufacturing Floor & ERP uptime ›Healthcare Patient data & privacy

Trade & Technology

Fast-moving operations that can't carry downtime.

›Logistics Fleet, orders & tracking ›Retail & Wholesale POS & storefronts ›Technology Cloud-native teams ›Distribution Inventory & systems

Belton · Sector-specialised IT & securityAll industries ›

Guides & Frameworks

Plain-English playbooks for the controls that matter.

›Essential Eight ASD's eight, explained ›DIY Cybersecurity Lock down the basics ›Cyber Standards Guide ISO, SMB1001 & more ›M365 Selection Guide Pick the right licences

Tools & Assessments

Self-serve checks that map where you stand.

›Security Assessment Score your posture ›Network Assessment Find the weak spots ›M365 Security Checklist Find the gaps ›Cyber Insurance Readiness Be claim-ready

Reading & Learning

Get more from the tools you already pay for.

›SME Tech Outlook 2026 Where NZ tech heads next ›Copilot Learning Hands-on with Copilot ›FAQ Straight answers ›CEO's Blog Plain-English views

Belton · Knowledge, not gatekeepingResource library ›

The Firm

A senior team with the skills and scale for any project.

›About Belton Who we are, plainly ›How We Work Our delivery process ›Who We Work With The fit we look for ›Leadership Jason & Amy Agnew + team

Proof & Partners

The evidence behind the claims, and ways to build with us.

›Case Studies Real outcomes, named ›Accreditations The proof behind the practice ›Industries Sector-specialised ›White-label / Partners Our bench, your brand

Connect

Real people, fast, no ticket-queue runaround.

›Contact Us Talk to a human, today ›Book a Session A 90-minute discovery ›Find Us Newmarket, Auckland ›Remote Support Get help now

Belton IT Nexus · Est. 2004 · Newmarket, AucklandAbout us ›

Home/Company/Accreditations

Proof, not promises.

Anyone can say they take security seriously. We can show it. Standards-based IT and cyber security is not a slogan for us. It is how we choose every platform, design every environment, and hold ourselves accountable.

ISO 27001aligned controls

Essential 8mapped

Audited stackSOC 2 · ISO · FedRAMP vendors

Due diligenceon every platform

Why this page exists

§01

If you can't verify it, it isn't security.

We do not run tools because they are popular. We run them because they are independently audited, so the controls protecting your business are accountable to someone other than us. Every platform below was chosen through deliberate due diligence and mapped to recognised standards. This is the proof behind the practice: the accreditations our stack holds, shown without the marketing.

Detection & response

§02

The platforms that watch and defend.

Accredited & aligned

Endpoint Detection & Response (EDR / XDR)

Autonomous, AI-driven threat prevention, detection and response across every endpoint, server, cloud workload and identity.

SOC 2 Type IIISO 27001ISO 27017ISO 27018FedRAMP HighIRAP (PROTECTED)

Managed Detection & Response (MDR)

24/7, human-led threat hunting, investigation and response across endpoints, Microsoft 365 and identity.

SOC 2 Type IIGDPRCCPA

Next-Generation Firewall & Network Security

Perimeter and internal network security: inspection, intrusion prevention, secure VPN and web and email filtering.

Common Criteria (NDcPP)EAL4+FIPS 140-2 validatedICSA Labs

Appliance-level evaluations; the vendor’s cloud services additionally hold ISO 27001 and SOC 2.

Backup & continuity

§03

The platforms that make recovery a certainty.

Accredited & aligned

Business Continuity & Disaster Recovery (BCDR)

Image-based local backup with immutable cloud copies and rapid recovery, so a ransomware hit or honest mistake is a bad hour, not a bad year.

SOC 2 Type IIISO 27001

Held at the backup cloud / datacentre layer.

Enterprise Backup & Replication

Backup, replication and assured recovery for virtual, physical and cloud workloads across the environment.

ISO 27001ISO 27017ISO 27018ISO 27701FIPS 140-2 validated

Vendor ISMS and cloud services; the engine itself is configured to these standards.

Direct-to-Cloud Backup

Independent, off-site cloud backup for servers, workstations and Microsoft 365 data.

SOC 2 Type IIISO 27001HIPAA

Cloud, identity & productivity

§04

The platform your business runs on.

Accredited & aligned

Cloud Productivity, Identity & Security Platform

The productivity, identity and security cloud at the core of the modern workplace, with conditional access and least-privilege enforced.

ISO 27001ISO 27017ISO 27018ISO 27701SOC 1 / 2 / 3FedRAMP HighIRAPPCI DSSHITRUST

How we run your IT

§05

The platforms behind our own delivery.

Accredited & aligned

Remote Monitoring & Management (RMM)

How we monitor, patch, automate and manage your fleet, around the clock, at scale.

ISO 27001PCI DSS Level 1SOC 2 Type II

Professional Services Automation (PSA)

The service desk, ticketing, project and billing platform that runs our operations and your support.

SOC 2 Type II

IT Documentation & Asset Management

Structured, secured documentation of your environment, assets and credentials, so knowledge never walks out the door.

SOC 2 Type II

Unified Communications & Business Voice

Business voice, video and contact-centre delivered over SIP, on any device, anywhere.

Aligned to ISO 27001 principles

Endpoint hardware

§06

The devices in your team’s hands.

Accredited & aligned

Business Endpoint Hardware (A)

Commercial-grade laptops and desktops with hardware-rooted security and a managed supply chain.

ISO 27001ISO 27701TPM: Common Criteria EAL4+TPM: FIPS 140-2 Level 2

Manufacturer ISMS; security validations at the trusted-platform-module level.

Business Endpoint Hardware (B)

Commercial laptops and desktops with a built-in platform-security stack and supply-chain assurance.

ISO 9001ISO 14001ISO 27001TAPA FSR (supply-chain security)

Connectivity & carriers

§07

The networks underneath it all.

Accredited & aligned

Enterprise Fibre & Network Carrier

Wholesale and enterprise fibre, network and voice across Australia and New Zealand.

ISO 27001ISO 9001

Network and datacentre operations.

Carrier-Grade Mobile & Broadband

Mobile, fixed broadband and business connectivity from a major national carrier.

Carrier-grade national network

Independent Wholesale Network

A pure-wholesale connectivity, voice and WAN platform serving providers across Australia and New Zealand.

Independent NZ wholesale network

What the badges mean

§09

The standards, in plain English.

SOC 2 Type II

An independent audit (over time, not a snapshot) of a provider’s security, availability and confidentiality controls.

ISO / IEC 27001

The international standard for an information security management system. Certification means controls are documented, operating and externally audited.

FedRAMP / IRAP

US and Australian government security assessments. Among the most rigorous bars a cloud platform can clear.

Common Criteria / FIPS 140-2

Internationally recognised evaluations of security products and cryptography, used by governments and regulated industries.

PCI DSS

The payment-card industry security standard, required to handle cardholder data safely.

Our own alignment

§10

Accredited platforms are only half of it.

The Belton standard

The best tools in the world do nothing if they are configured carelessly. So we hold ourselves to the same bar we expect of our vendors.

◆

01 / Mapped to standards

Essential Eight & ISO-aligned

We map your environment to the Essential Eight and ISO 27001 principles, with audit-ready evidence you can show a board, an insurer or a buyer.

▣

02 / Due diligence

Vendors who can prove it

We select and review every platform against its published certifications. If a vendor cannot prove its controls, it does not run your environment.

◉

03 / Defence in depth

Layered, not single-point

Identity, endpoint, network, email, backup and monitoring, each accredited, each layered, so one control failing does not become a breach.

A note on accuracy: accreditations reflect each platform’s published certifications and may be held at company, service or component level, and scope varies by product and region. We do not overstate them. We select, configure and review every vendor against these standards, and we are glad to walk you through the detail.

See it for
yourself.

A 90-minute discovery and security session. We map your environment against these standards and show you exactly where you stand.

Book the session ›Talk to a human ›

Sovereign by design

New Zealand owned and operated.

Sovereign data centres across New Zealand and Australia, with your data kept onshore wherever it's required. Our team understands New Zealand, and our leaders have built, scaled and secured businesses right across the New Zealand landscape.

Sovereign data centres · New Zealand & Australia

Auckland
Christchurch
Sydney
Melbourne
Brisbane
Perth

International data-centre operations

Singapore
Germany
Netherlands
USA

Servers available in minutes, not days.

Explore data centres & hosting →

Accredited partners

Fortinet Partner Lenovo Partner HP Partner Apple Business Manager

Proof, not promises.

If you can't verify it, it isn't security.

The platforms that watch and defend.

The platforms that make recovery a certainty.

The platform your business runs on.

The platforms behind our own delivery.

The devices in your team’s hands.

The networks underneath it all.

The standards, in plain English.

Accredited platforms are only half of it.

See it for yourself.

New Zealand owned and operated.

See it for
yourself.