NDIS Provider Cyber Security Health Check — Self-Assessment Tool
Your participants are among Australia's most vulnerable people. Is their data safe?
NDIS providers hold deeply sensitive information — disability support needs, health conditions, behavioural reports, financial details, and personal circumstances that participants have shared in trust. The NDIS Practice Standards require you to manage information securely, the NDIS Commission expects providers to safeguard participant data, and the Privacy Act demands you protect personal information. A breach doesn't just trigger OAIC investigations and financial penalties — it exposes the private details of vulnerable Australians and can put your NDIS registration at risk.
This Health Check gives you a clear picture of where your organisation stands — and a practical action plan to close the gaps. No IT background needed.
Built for providers and support coordinators, not IT professionals:
Every question is written in plain, everyday English. Technical terms include built-in hover tooltips that explain them simply, and the companion user guide explains the intent behind every question so you always understand what's being asked and why.
When you're done, the tool generates a clear, easy-to-follow action plan tailored to your organisation. Each recommendation tells you what the gap is, what to do about it, how urgent it is, and roughly how much time and money it will take — automatically sorted by priority. No guesswork, no generic advice — just practical steps based on your actual answers.
What's included:
1. Self-Assessment Tool (HTML file)
An interactive assessment covering 12 key security areas across 67 questions, purpose-built for how NDIS providers actually work:
→ Passwords & Access — Are client management systems, PRODA, and participant records properly secured?
→ Backups & Recovery — Could you recover client data after ransomware or hardware failure?
→ Support Worker Awareness — Do your workers understand their security and privacy obligations?
→ Client Data Protection — Are participant records, health information, and support plans handled in line with the Privacy Act?
→ Incident Response — Do you know what to do if participant data is compromised?
→ Suppliers & Services — Are your IT providers, software vendors, and subcontractors covered?
→ Plus six more domains covering updates, security software, device security, network protection, secure configuration, and leadership governance.
2. User Guide & Question Reference (Word document)
A comprehensive companion guide including:
→ Step-by-step instructions for navigating the assessment and using all features
→ Tips for answering accurately — what "Yes" really means and how to think about evidence
→ How to interpret your results — understanding your score, readiness level, and priority actions
→ How to use the Word and Excel exports for compliance, insurance, and IT provider discussions
→ Full question reference guide — every question explained with "Why This Matters" context and "Evidence to Look For" indicators
What you get when you complete the assessment:
✔ Overall security score with a clear readiness rating
✔ Visual dashboard with category-by-category breakdown
✔ Prioritised action plan — personalised to your answers, sorted by urgency, with estimated time and cost
✔ Specific, actionable recommendations written in plain language
✔ Exportable Word report — ready to share with management or insurers
✔ Exportable Excel workbook with incident response contacts and step-by-step checklist
✔ Australian-focused — references NDIS Practice Standards, NDIS Commission, PRODA, OAIC, ACSC, Privacy Act, and Notifiable Data Breaches scheme
Who is this for?
- Small to medium NDIS providers wanting to protect their participants and their organisation
- Practice managers and compliance leads looking to benchmark security practices
- Providers preparing for NDIS Commission audits, registration renewals, or cyber insurance applications
- Support coordinators and plan managers wanting to demonstrate due diligence
- Anyone handling participant data — regardless of technical ability
How it works:
Download both files — open the HTML file in any modern browser and keep the user guide handy. Answer the questions honestly, and the tool does the rest. No installation, no software, no cloud account required. Your data stays on your device.
Built by CyberAssure — practical cyber security tools for Australian businesses.