$399 + GST Get My Health Check

In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.

The NDIS Commission is increasing scrutiny on information security.

NDIS providers hold deeply sensitive information: disability diagnoses, support needs, behavioural incidents, medication details, financial circumstances. A breach doesn't just expose data—it exposes vulnerable people to exploitation, discrimination, and harm. The Commission takes this seriously, and so should you.

The Practice Standards now explicitly address information management. If you're a registered provider, you must demonstrate you have systems to protect participant information. Auditors are asking harder questions about cyber security. "We use a password" isn't going to cut it anymore. Can you actually demonstrate your controls?

The NDIS Commission and Privacy Act have real consequences.

The NDIS Commission can suspend or revoke the registration of providers who fail to meet its Practice Standards — which now include how you manage and protect information. A serious data breach triggers mandatory reporting and an investigation. The Privacy Act adds penalties up to $50 million for failing to protect personal information, and information about people with disability counts as "sensitive information" needing higher protection. If you can't show you had reasonable protections in place, you're risking everything you've built.

PRODA portal access is a high-value target.

Your PRODA credentials provide access to the NDIS portal for claiming and participant plan information. Compromised credentials mean fraudulent claims, access to participant details across your entire client base, and an investigation that could take months to resolve. Multi-factor authentication and proper access controls aren't optional.

Support workers in the field create additional risk.

If your workers provide in-home support, they're accessing participant information from mobile devices, personal phones, and potentially unsecured networks. They're taking notes, capturing incident reports, and communicating about sensitive matters. Do you actually know how this information is being protected—or exposed?

Plan managers and support coordinators hold the keys to participant finances.

If you manage participant plans or coordinate supports, you have visibility into their funding, spending, and service arrangements. Financial exploitation of people with disability is a growing crime. Your systems need to ensure that access to financial information is controlled, monitored, and protected.

This health check is built specifically for NDIS providers.

Plain-English questions covering PRODA portal security, client management systems, incident reporting, mobile workforce considerations, Practice Standards alignment, and the specific risks of handling vulnerable people's information. No technical jargon—designed so any provider can complete it and understand the results.

What you get:

67
Plain-English Questions
Specific to NDIS providers—no technical knowledge required
Clear Security Score
See exactly where you're protected and where you're exposed
Prioritised Actions
Gaps ranked by risk, then turned into a phased action plan you track to completion
Professional Reports
Comprehensive Word report with scores, recommendations, and improvement plan

What your results look like

Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)

Cyber Security Health Check results screen showing an overall score and maturity across Essential, Recommended and Advanced practice levels
Your overall score, plus maturity across Essential, Recommended and Advanced practices.
Domain Maturity Analysis showing a score-by-domain bar chart and a gap risk distribution pie chart
A breakdown across every security domain, with your gaps grouped by risk level.
What You're Doing Well section highlighting the security areas where the business is already strong, with a score and an Excellent rating
It's not just problems — it highlights what you're already doing well, too.
Identified Gaps table listing each gap with time, cost, urgency, risk and priority, plus a plain-English recommendation
Every gap ranked by priority, each with a plain-English recommendation.
Action Register table listing chosen actions with owner, due date and status, plus a Download register Excel button
Turn gaps into a tracked action register — owner, due date, status, export to Excel.

What You Receive

Every assessment generates a comprehensive report. Download a sample below.

Summary Report

Plain-English findings with scores, prioritised improvement plan, risk associations, and resources

Download Sample

Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.

Who is this for?

Registered NDIS providers of all sizes—support coordinators, plan managers, therapy providers, support workers, and disability accommodation services. Business owners, managers, and compliance officers responsible for meeting Practice Standards. Any NDIS provider that handles participant information and wants to understand their cyber security posture.

AI-Powered

Your Assessment Includes a Personal AI Security Advisor

Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.

During the assessment

Not sure what a question is asking? Just ask.

Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.

  • Explains technical concepts in everyday language
  • Gives real-world examples relevant to your industry
  • Never suggests how to answer — just helps you understand
  • No technical background required to complete the assessment
AI question helper explaining a cyber security question in plain English during the assessment
Assessment question interface showing radio button answer choices and plain English guidance
After you finish

Available the moment you see your results.

Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.

  • "Explain my highest risk gap in simple terms"
  • "Walk me through how to fix action #3"
  • "Which gaps are easiest to fix myself?"
  • Ask anything — your advisor knows your specific results
AI Personal Security Advisor chat interface showing results-based guidance after completing the health check

Get the NDIS Provider Cyber Health Check

Get My Health Check
$399 + GST
Instant download · 30-day money-back guarantee · Runs entirely on your device

Common Questions

Why do NDIS providers need to prioritise cyber security?
NDIS providers hold sensitive participant information including disability details, support plans, medical histories, and financial records. This data is protected under strict NDIS Commission requirements and the Privacy Act. Providers also access the NDIS myplace portal, creating credential fraud opportunities. A cyber incident can disrupt critical support services for vulnerable participants — making security both a compliance obligation and a duty of care.
What cyber security obligations apply to NDIS providers?
The NDIS Commission's Practice Standards require registered providers to protect the privacy and dignity of participants, which extends to their personal information. The Privacy Act 1988 applies to all providers collecting participant data. NDIS Quality and Safeguards requirements include demonstrating adequate information management systems. Providers with NDIS myplace portal access must protect their login credentials and report suspected misuse.
What does the NDIS Provider Health Check cover?
The health check covers NDIS myplace portal credential security, participant record and support plan protection, communication security with participants and families, case management software access controls, staff device and password management, incident and data breach response planning, and security practices specific to distributed support delivery environments.
What do I receive after completing the health check?
You receive a professional Word report with prioritised recommendations tailored to NDIS provider risks. The report documents your current security posture and improvement actions — suitable for sharing with the NDIS Commission if required, your compliance officer, or keeping on file as evidence of reasonable steps to protect participant information.

View all frequently asked questions →

Further Reading

Resource

Cyber Security for NDIS Providers

Why NDIS providers must protect sensitive participant data, what the NDIS Commission Practice Standards require, and the controls that demonstrate compliance.

Read the guide