NDIS Provider
Cyber Security Health Check
NDIS participants are among Australia's most vulnerable people. Protecting their information isn't optional—it's a registration requirement.
In about an hour, see exactly where you're exposed, turn your gaps into a prioritised action plan you can track, and get a professional report you can show your insurer, regulator, or clients — no IT knowledge needed.
The NDIS Commission is increasing scrutiny on information security.
NDIS providers hold deeply sensitive information: disability diagnoses, support needs, behavioural incidents, medication details, financial circumstances. A breach doesn't just expose data—it exposes vulnerable people to exploitation, discrimination, and harm. The Commission takes this seriously, and so should you.
The Practice Standards now explicitly address information management. If you're a registered provider, you must demonstrate you have systems to protect participant information. Auditors are asking harder questions about cyber security. "We use a password" isn't going to cut it anymore. Can you actually demonstrate your controls?
The NDIS Commission and Privacy Act have real consequences.
The NDIS Commission can suspend or revoke the registration of providers who fail to meet its Practice Standards — which now include how you manage and protect information. A serious data breach triggers mandatory reporting and an investigation. The Privacy Act adds penalties up to $50 million for failing to protect personal information, and information about people with disability counts as "sensitive information" needing higher protection. If you can't show you had reasonable protections in place, you're risking everything you've built.
PRODA portal access is a high-value target.
Your PRODA credentials provide access to the NDIS portal for claiming and participant plan information. Compromised credentials mean fraudulent claims, access to participant details across your entire client base, and an investigation that could take months to resolve. Multi-factor authentication and proper access controls aren't optional.
Support workers in the field create additional risk.
If your workers provide in-home support, they're accessing participant information from mobile devices, personal phones, and potentially unsecured networks. They're taking notes, capturing incident reports, and communicating about sensitive matters. Do you actually know how this information is being protected—or exposed?
Plan managers and support coordinators hold the keys to participant finances.
If you manage participant plans or coordinate supports, you have visibility into their funding, spending, and service arrangements. Financial exploitation of people with disability is a growing crime. Your systems need to ensure that access to financial information is controlled, monitored, and protected.
This health check is built specifically for NDIS providers.
Plain-English questions covering PRODA portal security, client management systems, incident reporting, mobile workforce considerations, Practice Standards alignment, and the specific risks of handling vulnerable people's information. No technical jargon—designed so any provider can complete it and understand the results.
What you get:
What your results look like
Finish in about an hour and you get a clear overall score, a breakdown across every security domain, and every gap turned into a prioritised action plan you can track and export. (Example output.)
What You Receive
Every assessment generates a comprehensive report. Download a sample below.
Summary Report
Plain-English findings with scores, prioritised improvement plan, risk associations, and resources
Download SampleComplete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.
Who is this for?
Registered NDIS providers of all sizes—support coordinators, plan managers, therapy providers, support workers, and disability accommodation services. Business owners, managers, and compliance officers responsible for meeting Practice Standards. Any NDIS provider that handles participant information and wants to understand their cyber security posture.
Your Assessment Includes a Personal AI Security Advisor
Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.
Not sure what a question is asking? Just ask.
Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.
- ✓ Explains technical concepts in everyday language
- ✓ Gives real-world examples relevant to your industry
- ✓ Never suggests how to answer — just helps you understand
- ✓ No technical background required to complete the assessment
Available the moment you see your results.
Once your results are in, an AI security advisor can answer any question about what they mean — in plain English, like talking to a security professional. It can even draft a phased action plan from your specific gaps — what to fix first, next, and over time.
- ✓ "Explain my highest risk gap in simple terms"
- ✓ "Walk me through how to fix action #3"
- ✓ "Which gaps are easiest to fix myself?"
- ✓ Ask anything — your advisor knows your specific results
Get the NDIS Provider Cyber Health Check
Get My Health CheckCommon Questions
Why do NDIS providers need to prioritise cyber security?
What cyber security obligations apply to NDIS providers?
What does the NDIS Provider Health Check cover?
What do I receive after completing the health check?
Further Reading
Resource
Cyber Security for NDIS Providers
Why NDIS providers must protect sensitive participant data, what the NDIS Commission Practice Standards require, and the controls that demonstrate compliance.
Read the guide