About Outplat

Built by practitioners.
Designed to scale.

Outplat is a specialist compliance practice — founded on deep practitioner experience, built with the structure and standards of a firm that grows with its clients.

The Practice

A compliance practice built on
standards that don't scale down

Outplat was founded because the organisations that most need specialist compliance expertise are the ones least able to access it at the rates the big firms charge. We exist to close that gap — with the rigour of a tier-1 practice and a model that works for the organisations we serve.

01
Practitioner-led delivery
Every Outplat engagement is led by a senior practitioner with direct, hands-on experience in the relevant sector and framework. Not supervised by one. Not reviewed by one. Led by one — from scoping through to ongoing management.
02
Built to grow with clients
The practice is structured to scale. As client engagements grow in scope and complexity, Outplat draws on a network of specialist associates across technical security, legal, and audit disciplines — always under the same quality standards.
03
Sector focus, not headcount
We don't measure ourselves by team size. We measure by depth of expertise in our four segments. Every person who works on an Outplat engagement — permanent or associate — is selected because they know this work from the inside.
Our Founder

The standard every
engagement is held to

Outplat's founding practitioner brings nearly two decades of experience as the person inside WA organisations responsible for making compliance work — not advising on it from the outside. Utility-scale critical infrastructure. State-level health systems. ASX-listed resources companies. Defence-adjacent programs.

In each context, the same pattern: real obligations, constrained teams, and the expectation that security would simply get done. That experience is the foundation every Outplat engagement is built on — and the benchmark every associate and partner is held to.

The practice exists to make that standard of expertise accessible to the organisations that need it most, on a model they can actually afford. The work that gets done at Outplat is the same work that used to cost three times the price at a national firm — because the people doing it have already done it, in your industry, under real conditions.

Resources & Energy
Mining, LNG, offshore, pipeline — supply chain compliance under real operational pressure
Defence & Government
DISP, PSPF, and security programs in defence-adjacent and government environments
Health & Education
Privacy Act obligations in sectors that handle the most sensitive personal data
Technology & Product
ISO 27001 and SOC 2 for product companies with enterprise sales on the line
Simi Das — Founder, Outplat Security
Simi Das
Founder & Director
19 years across cybersecurity, GRC, and compliance leadership in WA's most demanding industries — delivering real compliance outcomes across critical infrastructure, health, mining, and defence-adjacent programs.
How We Scale

Practitioner standards.
Practice capacity.

Outplat is structured from day one to grow with the clients it serves. The practice model means that as client needs expand — in scope, in complexity, in geography — the capacity to serve them expands too.

We work with a network of specialist associates across technical security testing, legal and privacy counsel, audit preparation, and framework-specific domains. Every associate engagement is scoped, overseen, and quality-checked to the same standard as work delivered directly by our founding team.

This isn't a freelancer with a network. It's a practice with a structure — and a clear standard that every person working under the Outplat name is held to, regardless of how the engagement is staffed.

Associate & partner network

Where engagements require specialist depth — penetration testing, legal privacy counsel, IRAP assessment, forensic audit — Outplat draws on vetted specialists with track records in the relevant domain. Senior oversight on every engagement means the accountability never gets diluted, regardless of who is delivering.

No offshore handoffs
All work is managed from Perth. Client relationships, oversight, and accountability stay onshore and in-timezone.
Consistent standards
Every person who touches an Outplat engagement — staff or associate — works to the same methodology and quality bar.
Sector-matched expertise
Associates are selected for segment fit, not availability. The right expertise for your industry, every time.
Senior accountability
Every engagement has a named senior practitioner accountable for outcomes — not a project manager two steps removed from the work.
Why This Model

The problem we
set out to solve

A WA mining contractor with a 30-day Essential Eight deadline doesn't need a national firm with a Sydney partner and a junior delivery team. They need practitioners who have done this before, who understand their environment, and who will still be managing it next month.

The CMaaS model exists because compliance isn't a project — it's a permanent obligation. Assessments expire. Controls drift. Questionnaires arrive without warning. A retainer relationship managed by people who know your environment is the only model that keeps organisations genuinely ready — not just assessed and forgotten.

Specialists, not generalists
Four segments. Deep expertise in each. Every client benefits from pattern recognition across many similar organisations.
Fixed price, always
One monthly fee. No timesheets, no scope creep invoices, no surprises at end of month.
Permanently audit-ready
We manage controls and evidence continuously — not just when an audit is scheduled.
Perth-based, WA-focused
We understand the WA market — mining supply chains, AUKUS defence opportunities, and the realities of operating here.
Beyond the Work

Technology as a
pathway for young people

A career in cybersecurity carries an obligation to bring others into the field. Outplat is committed to supporting initiatives that open genuine pathways in technology for young people — particularly those without the networks or resources that make entry into this industry easier for some than others.

We direct a portion of our work toward education access, mentorship, and industry exposure for young people who could build careers in technology and cybersecurity, but haven't yet had a reason to believe that's possible for them.

If you run a program we should know about, or if you're looking for an industry partner — we'd like to hear from you.

Work With Us

Ready to talk about
your obligations?

A 30-minute discovery call costs nothing. We'll confirm which frameworks apply, what your compliance gaps look like, and what a fixed monthly engagement would look like for your organisation.

Book a free discovery call See our services