Security, Compliance and Risk Practitioners
Get in Touch!

About Us


Thinking ( is an independent and market leading organisation focused on the ICT Security industry.
Our core values include building partnerships, learning and curiosity.

Common sense and pragmatism underlies our approach drawing on experience and training to deliver solutions to our client's satisfaction.

The services we offer include a mixture of business advisory, project and ICT consultancy related topics. This combination allows us to see beyond the traditional ICT approach of point solutions to build structures that are beneficial to our clients' long term business success.

Our Services

Please contact us to discuss your needs

The SAM Monitoring Service provides a secure cloud-based web portal through which contracted specialist IT security and communication systems are monitored in near real-time with updates at regular intervals dependent on the service requirement. Alerts are sent when issues are detected and historical data is able to be reported on for capacity planning or forensic analysis. Portal access is supported by most standard web browsers and there available i-Phone and Android apps for download too.


  • Hardware (Disc, Memory, CPU, NIC’s etc.)
  • Availability (ping, mrtg, uptime)
  • Operating system (swap, routed, SSH, NTP etc.)
  • Throughput (Sessions, link usage, jitter etc.)
  • Firewall Services (VPN, Cluster, mgmt., etc.)
  • Change Control (FW Policy, uptime)
  • Versions and Usage (Version, licenses etc.)
  • External change (Baseline scan)
  • Custom (can write custom monitors to suit – additional charges may apply)
  • BPI (Business Process Intelligence – additional charges apply)


  • Email (multiple recipients per service monitored)
  • SMS
  • Scheduled Downtime/Recurring downtime
  • Alert acknowledgement and mass acknowledgement


  • Executive Summary
  • Availability
  • Capacity Planning
  • Bandwidth
  • Notification/Alert/State History
  • SLA reporting
  • Graphs on specific services
  • Maps on hosts/services (BB, Hyper, Mine etc.) – useful for projection to screen
  • Dashboard (in portal)

Portal Access

  • Web Access
  • Mobile App Access (iPhone and Android)

Patching and Updates

  • Backup prior
  • Download patches
  • Apply Patches
  • Post patch testing of functionality
  • Manage any vendor support calls associated with patching
  • After Hours or during hours to suit

Moves, Adds, Changes (MACs)

  • Time and Materials based engagement, typically ad-hoc with no service level agreement or scope document. Engagements under 2 days are considered time and materials.

Statement of Work Fixed Price Engagement

If you have a project that requires a fixed fee installation, upgrade or migration tailored for your environment, then this option is designed just for you.

  • Project Management and Implementation Plan
  • Customised deployment
  • User Acceptance Testing
  • Full As Built Documentation
  • Set Price
  • Typically over 2 days work

Vulnerability Assessment

  • Red Team based typically non-intrusive analysis of vulnerabilities with assessment of effective risk to the business

Relationship Risk Management

  • Assisting businesses with implementing risk assurance Fully managed Third party due diligence services. Risk assessments are based on existing templates provided by customer, national/International security standards,or customised to suit. Hosted in the cloud, the platform Integrates with overall risk management and reporting tools and removes the need for spreadsheet management.

Policy Development

  • Security policy creation and development of individually customised policies, covering PCI DSS, NZISM, HIPA ISO 27001 data privacy and contractual requirements.


  • PCI DSS compliance support, from initial responses to scoping and full PCI DSS program compliance management. In addition, NZISM and 27001 compliance support.

Security Management

  • Virtual ITSM/CISO services where employing a full time position cannot be justified. We can provide expert consultancy on an ongoing basis. Addressing baseline security risks, security program development, and reporting. Security architecture consultancy, SABSA expert security reviews of security architecture, networks, Cloud services, BYOD, Office 360, Virtual environments, Hybrid cloud.


Security Appliance Monitoring

Service Description

Supported Appliance/System Vendors: Check Point, RSA, Fortinet, BlueCoat, PaloAlto, Watchguard, Citrix and Cisco. Other devices can be supported on an application basis.

Service Setup (Onboarding): Thinking will facilitate the setup of the monitoring service and will work with your support staff to establish a secure connection of your nominated devices to the cloud service. Administrator level access is required to establish the service. An Onboarding fee may apply, see rates and fees schedule for details.

Monitoring Scope: Thinking will provide the contracted End Customer system with monitors for critical services, critical processes, memory, storage, logs, interfaces and bandwidth monitoring capability as appropriate. A list of standard monitors will be available to view via the End Client Portal.

The standard monitoring package will limit each contracted device/system to a maximum of twenty (20) monitors. Additional monitors are available but are subject to additional service fees.

Monitoring Script Maintenance: Thinking will be responsible for maintaining working monitor and remediation scripts for the contracted appliance(s) so long as the device and OS are under a current vendor support contract.

Customers will not be permitted to modify the Thinking monitoring scripts or apply their own monitors via this service.

End Customer Portal: Each customer will be provided with up to 3 logons to a secure web portal where current and historical error/fault data can be viewed in a series of graphs and reports at:

SAM LogonOpens in a new window

End Customer Portal - Security: Customers must use discretion when managing logon accounts to this service and maintain security best practices.

Users must not share their login identifier or password

Passwords to the portal should be changed every sixty (60) days

Passwords will be enforced to comply with basic complexity practices

A facility for users to reset their own passwords will be provided on the End Customer Portal login page

Monitoring Communications: Monitoring meta-data transmitted from your devices to the End Customer Portal database are secured using industry security filters or Virtual Private Network (VPN) technology to ensure transmission privacy.

Data Sovereignty: The End Customer Portal and the monitoring meta-data databases are housed in a secure datacentre in New Zealand.

Alert Notifications: When service availability or error events are detected by the monitoring service, they are displayed in the customer portal on the home screen and are stored for historical analysis for up to 12 months.

Android and i-Phone applications are available for download that enable direct portal access from your mobile phone.

Notifications can be configured to:

Forward to multiple email addresses

Send TXT alerts to mobile phones (subject to additional service fees)

Service Availability: Thinking will use commercial best efforts to provide customers with 97% service availability relating to its cloud platform.

Thinking Service Maintenance: To provide optimal performance of the service, it is necessary to perform routine maintenance on the Cloud hosting servers which may temporarily require taking the servers off-line.

Thinking reserves the right to plan a scheduled outage with seven (7) days advance notice. Thinking will use commercial best efforts to schedule these outages at off-peak hours and limit their occurrence to strictly necessary upgrades and required maintenance.

Scheduled outages will be notified via e-mail to the designated administrator of each customer.

It is the responsibility of the customer administrators to notify others within their organisation of scheduled outages.

Service Desk Support: This service is a monitoring only service and does not include access to a formal helpdesk. Support for the diagnosis or remediation of incidents may be requested by contacting Thinking via email or through the EndClient Portal. Time and material charges may apply.

The hours of operation of this service are:

Portal operation - 24 hours a day, 7 days a week (24/7)

EndClient Portal support - 8:30 a.m. to 5:00 p.m. Normal Business Hours

Customer Responsibilities: It is the customer's responsibility to ensure that:

All monitored devices are supported by a current vendor support contract

is notified at least seven (7) days advance of any planned changes or outages that could affect the monitored devices

Moves, Adds & Changes (MAC): Thinking provides a MAC process where the customer can undertake changes to monitored on their network that require part or all of the monitoring service to be reconfigured including:

Change of Internet provider (ISP) or connection type

Software changes to the monitored devices

Equipment swaps or replacements

A MAC request form will be available on the EndClient Portal to formally notify Thinking of the impending changes. Thinking will reply to the customer informing them if any additional changes to the underlying service are necessary and whether additional charges may apply.

To minimise the impact of MAC's on the monitoring service the customer should provide Thinking with seven (7) days advance notice of any planned changes.


Screenshots of an example host is shown below to give you an overview of what we can achieve. We would be happy to demonstrate our capability for your particular business situation.

Services Overview

of monitored services are shown below. We can add anything that the SNMP MIB supports for your device.

Drill Down

Drill down is available on any service that logs a numeric response over time such as disk usage, processor, sessions etc

ANDROID Interface

Example of the Android application monitoring a host and services in real time. Also available on the iPhone.


Access to this portal is for authorised users only

To logon please have a valid user id and click on the link below:

SAM Monitoring

Our Partners

We use only the best

Our Vendors

We supply only the best

* These fields are required.