About SAM for Compliance
SAM for Compliance (S4C) is your Cybersecurity Compliance Assistant and Manager.
SAM for Compliance are experts in Local and State Government Cybersecurity, Finance and Insurance Industry Cybersecurity, Non-Profit Cybersecurity and Corporate and Business Cybersecurity.
We built S4C so you could throw away your compliance spreadsheets. S4C takes the pain away from implementing and managing compliance and provides real-time visibility as to your cybersecurity posture.
- Assess your status against a selected framework
- View your compliance status in realtime
- Identify and prioritise your mitigation and remediation activities
- Set responsibilities and monitor progress
- Assign and manage Actions
- Set, allocate and manage Tasks
- Report on compliance Generate executive reports
- Monitor progress towards compliance and Demonstrate improvement or highlight risks.
SAM for Compliance specialises in running industry programs to raise the bar on standards conformance, improving organisational performance and reducing related risk.
Our History
The SAM (Self Assessment and Monitoring) System was developed in 2016 to allow organisations to self-assess their conformance to specific Standards. Although the system was created with information security in mind, it is not limited to this and is designed so that we can embed any Standard relating to any subject or topic into the system providing that we can define the controls from the Standard. We currently have 30 plus standards and frameworks available applicable to New Zealand, Australia, USA and the UK.
SAM came about due to our frustration that a snap-shot-in-time audit did not provide the ongoing visibility organisations needed to manage and improve their cybersecurity performance. We believed that a dynamic tool which reflected improvement or deterioration of performance over time would be more relevant than a document that was glanced at and then confined to the back shelf.
We were also of the opinion that many of the internationally recognised cybersecurity standards were not a good fit for New Zealand. The size and scope of many of our organisations, including some Government Agencies and Local Government, were not of sufficient scale, nor did they have available the resources required to implement compliance to these extensive Standards.
While there are other compliance and risk management systems available, many of these are complex and very expensive to implement. We believe that compliance management should not just be available to the large multi-national corporations, but also to small and medium sized organisations that may not have the knowledge or resources necessary to use these big systems. Simplicity and removing cost as a barrier to entry was the key to success.
Our Partners
SAM for Compliance has some special partnerships with like-minded organisations with a global perspective on reducing cybersecurity risks.
The Association of Local Government Information Managers (ALGIM) is a not-for-profit registered charity that was initially founded in 1975 by an enthusiastic group of EDP Managers known as the Information Technology Management Group (ITMG), which was part of the New Zealand Local Government Association (NZLGA). In 1995 ITMG became independent of the NZLGA. As a result the Association of Local Government Information Management was officially established on July 1 1996. The inaugural meeting of ALGIM was held on 22 - 23 April 1996.
ALGIM provides professional development and thought leadership across a range of local government professions. Their roots are in ICT, but over the years they've expanded to encompass the traditional IT roles, IT infrastructure, web and digital, information and records management, customer service, and GIS. Through the three high-calibre conferences, training academy, scholarships, awards, and networking, they provide dozens of options for further training, education and professional development. They also offer thought leadership to the local government sector through best practice toolkits, advocacy, research, auditing and mystery shops, and shared services.
Their vision is a digitally transformed local government sector and their mission is bringing people and technology together to deliver better services.
The ALGIM Local Government Cybersecurity Improvement Programme is powered by SAM for Compliance and SAM for Compliance Ltd works in partnership with ALGIM to support and deliver this programme.
Jackie Krzyzewski was on the ALGIM Board for almost ten years and held the office of President in 2000.
To learn more, please visit the ALGIM Website
The Center for Internet Security (CIS) is a not-for-profit organization dedicated to enhancing the cyber security readiness and response among public and private sector entities. Utilising its strong industry and government partnerships, CIS combats evolving cyber security challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. CIS, in association with the City of London Police and the Office of the New York County District Attorney, is a founding partner in the Global Cyber Alliance, an international cross-sector effort designed to confront, address, and prevent malicious cyber activity.
SAM for Compliance is a big supporter of the Centre for Internet Security. Tony Krzyzewski is a contributor to the ongoing development and refinement of the CIS Controls to ensure that they continue to remain effective and relevant.
Tony Krzyzewski is a CIS Controls Ambassador.
Read the Center for Internet Security case study on SAM for Compliance
To learn more about what the CIS does, please visit Centre for Internet Security
An International, Nonprofit Organization Collectively Confronting Cyber Risks
The Global Cyber Alliance was established in September 2015 by the Manhattan District Attorney’s Office, the City of London Police, and the Center for Internet Security. The Global Cyber Alliance (GCA) is an international, crosssector nonprofit dedicated to confronting systemic cyber risks and improving our connected world. The Alliance is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements.
GCA’s mission is to identify systemic cyber risks where significant progress can be made on risk reduction and bring together the people and resources to identify and implement a solution – to take action – and to measure the effect.
Tony Krzyzewski is an Ambassador for the Global Cyber Alliance.
To learn more about what the GCA, please visit Global Cyber Alliance
Our Team
The SAM for Compliance team has decades of experience in the standards, policy, compliance, audit, risk management and cybersecurity sectors
Tony Krzyzewski
Co-founder and Director of SAM for Compliance, Tony is very well known in the IT industry after forty seven years, with twenty nine of those being in the cybersecurity sector. He is a Global Cyber Alliance Ambassador and a Fellow of New Zealand's Institute of IT Professionals. Tony is New Zealand's Convenor on the International Standards Organisation SC27 Information Security, Cybersecurity and Privacy Protection Standards Committee. In this role, he holds New Zealand's vote on the progression and final approval of these Standards. Tony is a regular contributor to the Center for Internet Security CIS Controls and its supporting companion guides. He is a CIS Controls Ambassador and regularly speaks at cybersecurity events across the world. Tony has considerable experience in cybersecurity auditing and standards compliance with a particular focus on local government and small/medium enterprise risk mitigation. In 2023 Tony was inducted into the Information Security Association of New Zealand Hall of Fame in recognition of his contribution to cybersecurity within New Zealand, and Internationally.
Joe Dalessandro
Joseph (Joe) Dalessandro, MS, has extensive experience and qualifications in Information Security, and Audit, in a career spanning over 25 years. Joe has worked around the world in roles in both Information Security and Internal Audit and spent four years in Australia with the US financial institution, Vanguard, setting up their first Internal Audit department outside the USA, where he then served as Global Head of Internal Audit for the Asia-Pacific region covering Australia, Singapore, Hong Kong and Japan. Joe is currently the head of the bespoke consulting firm, Sirius Matters, which provides cybersecurity Audit-as-a-Service and cybersecurity Board coaching to organisations in Australia and New Zealand. A lover of continuous learning, Joe teaches cybersecurity concepts, including cyber risk, crisis response and technical security audit in the Graduate programs at Tulane University and Brandeis University in the USA. Joe is a Senior Member and Certified Cybersecurity Professional with the Australian Computer Society (ACS) where he also serves as the Vice-Chair of the Technical Advisory Board for Cybersecurity. Joe holds an MS, CISSP, CISA, CRISC, CFI, CISM, ISO27001 Lead Auditor, ISO27001 Lead Implementer and other qualifications.
Jackie Krzyzewski
Jackie started working with computers as a computer operator back in 1977. She is the Managing Director of SAM for Compliance Ltd. She designed and developed the SAM for Compliance system in 2016 and is the architect of the system's compliance frameworks. Jackie spent 14 years working in local government in IT as a systems operator and system administrator, and latterly as IT Manager. During this period she served for over 10 years on the ALGIM Committee, holding the office of President in 2000. From 2004 she has worked in the area of policy and compliance and developed a comprehensive policy system which was sold globally. Jackie continues to develop new frameworks for implementation within SAM for Compliance and, in conjunction with ALGIM, she developed the Local Government Cybersecurity Programme which was launched in 2018.
Czarny (Charney) 2007 - 2024
Her name is Polish and means black. She became the company mascot, super efficient work supervisor and paw-code writer. Her outstanding contribution to the team led us to incorporate her into the company logo. She may no longer be with us in the flesh but she lives on as our black cat icon.