A practical set of free templates and checklists for NZ small businesses - designed to reduce common IT risks, improve operational clarity, and make monthly governance easier to manage.
Trimmed down to the six strongest starting points for most businesses.
Sector guides, quick wins, case studies, and 30/60/90-day planning ideas for NZ organisations
Reading time: 9–12 min
Reducing phishing risk and improving reporting behaviour
Reading time: 5–8 min
Building evidence you can actually restore (ransomware readiness)
Reading time: 15–25 min
Spotting common Microsoft 365 “default mode” risks quickly
Reading time: 10–20 min
Moving from firefighting to predictable monthly/quarterly IT
Reading time: 10–15 min
Reducing spoofing risk and improving trust in business email
Reading time: 10–15 min
Search by keyword, topic, or title (e.g., “M365”, “backup”, “vendor”, “Wi‑Fi”, “DMARC”, “RTO”, or “MSP”).
| Resource | Best for | Reading time | What you get | Link |
|---|---|---|---|---|
|
Industry Guides Hub Guides Reference |
Sector guides, quick wins, case studies, and 30/60/90-day planning ideas for NZ organisations | 9–12 min | Sector-specific guidance, practical planning ideas, and leadership-friendly direction | Open |
|
Phishing staff one-pager Security Staff |
Reducing phishing risk and improving reporting behaviour | 5–8 min | Golden rules, common NZ phish patterns, what to do if clicked, template message | Open |
|
Invoice scam payment controls Security Finance |
Stopping bank-detail change fraud and urgent-payment social engineering | 10–15 min | 1-page policy, call-back script, internal record form, red flags cheat sheet | Open |
|
Restore readiness checklist Continuity Backup |
Building evidence you can actually restore (ransomware readiness) | 15–25 min | 15-minute monthly test, quarterly rehearsal plan, first-hour checklist, restore log template | Open |
|
Employee offboarding checklist Access Security |
Preventing lingering access when staff/contractors leave | 10–15 min | Same-day checklist, 48h and 7-day checks, email template, common gotchas | Open |
|
Endpoint hygiene baseline (quick checks) Security Devices |
Reducing endpoint risk: patching, encryption, admin rights, and evidence | 10–15 min | 30-minute baseline checklist, monthly rhythm, tracking table, owner-friendly metrics | Open |
|
Cloud/SaaS cost tidy-up checklist Governance Cost |
Keeping SaaS spend predictable and reducing waste | 8–12 min | Monthly checklist, subscription register template, renewal ownership, leaver cleanup | Open |
|
Privacy baseline checklist (plain English) Privacy Governance |
Practical privacy/compliance basics for NZ SMEs | 10–15 min | Data map template, retention basics, access control, incident plan, common gotchas | Open |
|
Patch rhythm inventory template Ops Maintenance |
Making patching predictable and reducing change risk | 10–20 min | Recommended patch cadence, what to inventory, maintenance message template, risk reduction checklist | Open |
|
M365 sanity check M365 Security |
Spotting common Microsoft 365 “default mode” risks quickly | 10–20 min | Fast checks, high-value settings, questions to ask IT/MSP, minimum baseline outcome | Open |
|
Backup restore drill Continuity Backup |
Running a repeatable restore drill and logging evidence | 30 min | Three test items, quarterly drill steps, restore log, RTO/RPO worksheet | Open |
|
Vendor access register Governance Access |
Tracking who has access to what (and reducing third-party risk) | 10–15 min | Register template + checklist for third-party access reviews | Open |
|
Wi‑Fi vs internet troubleshooting flow Connectivity Wi‑Fi |
Isolating whether dropouts are Wi-Fi, internet, or the application | 5–10 min | 5-step flow, copy/paste capture sheet, quick fixes, when to escalate | Open |
|
IT operating rhythm template Governance Planning |
Moving from firefighting to predictable monthly/quarterly IT | 10–15 min | Cadence table, agendas, action tracker, simple structure to reduce surprises | Open |
|
DMARC Email Trust Baseline Security Email Trust |
Reducing spoofing risk and improving trust in business email | 10–15 min | SPF/DKIM/DMARC checks, staged rollout path, questions to ask IT/MSP, common gotchas | Open |
|
Admin Access Baseline Access Security |
Reducing privileged-account risk without making support chaotic | 10–15 min | Fast checks, admin access register, hardening checklist, common gotchas | Open |
|
Recovery Planning Worksheet (RPO / RTO + Restore Evidence) Continuity Recovery |
Turning recovery assumptions into written targets and evidence | 15–20 min | RTO/RPO worksheet, restore evidence checklist, gap logging, planning prompts | Open |
|
First-Hour Incident Checklist + Communications Template Security Incident Response |
Reducing confusion and delay in the first hour of an incident | 10–15 min | First-hour checklist, role prompts, internal comms template, common gotchas | Open |
|
Patch Ring Plan Template Ops Patching |
Making updates safer through pilot groups, controlled rollout, and exception handling | 10–15 min | Patch ring plan, evidence checklist, exceptions register, success markers | Open |
|
SaaS Governance + Shadow IT Checklist Governance SaaS |
Reducing app sprawl, unknown subscriptions, and hidden access risk | 10–15 min | Quick review questions, SaaS register, shadow IT controls, common gotchas | Open |
|
Failover + Connectivity Resilience Checklist Connectivity Failover |
Testing backup connectivity and proving failover really works | 10–15 min | Quick checks, controlled test plan, evidence log, questions for IT/MSP | Open |
|
MSP Reporting Pack Template (Owner-Friendly) Governance MSP |
Making service reviews clearer and more useful for owners/managers | 10–15 min | Monthly report structure, simple metrics, action tracker, quarterly prompts | Open |
Informational only, non contractual. Final scope and commercials are confirmed in your Order Form / Statement of Work.
© Virtus Group Ltd • Ethical. Local. Reliable. Your IT, Simplified.