NDIS Provider Cyber Security Health Check
NDIS participants are among Australia's most vulnerable people. Protecting their information isn't optional—it's a registration requirement.
The NDIS Commission is increasing scrutiny on information security.
NDIS providers hold deeply sensitive information: disability diagnoses, support needs, behavioural incidents, medication details, financial circumstances. A breach doesn't just expose data—it exposes vulnerable people to exploitation, discrimination, and harm. The Commission takes this seriously, and so should you.
The Practice Standards now explicitly address information management. If you're a registered provider, you must demonstrate you have systems to protect participant information. Auditors are asking harder questions about cyber security. "We use a password" isn't going to cut it anymore. Can you actually demonstrate your controls?
The NDIS Commission and Privacy Act have real consequences.
The NDIS Commission can suspend or revoke registration for providers who fail to meet Practice Standards—including information management requirements. A serious data breach triggers mandatory reporting and investigation. The Privacy Act adds penalties up to $50 million for failing to protect personal information—and information about people with disability is classified as "sensitive information" requiring higher protection. If you can't show you had reasonable protections in place, you're risking everything you've built.
PRODA portal access is a high-value target.
Your PRODA credentials provide access to the NDIS portal for claiming and participant plan information. Compromised credentials mean fraudulent claims, access to participant details across your entire client base, and an investigation that could take months to resolve. Multi-factor authentication and proper access controls aren't optional.
Support workers in the field create additional risk.
If your workers provide in-home support, they're accessing participant information from mobile devices, personal phones, and potentially unsecured networks. They're taking notes, capturing incident reports, and communicating about sensitive matters. Do you actually know how this information is being protected—or exposed?
Plan managers and support coordinators hold the keys to participant finances.
If you manage participant plans or coordinate supports, you have visibility into their funding, spending, and service arrangements. Financial exploitation of people with disability is a growing crime. Your systems need to ensure that access to financial information is controlled, monitored, and protected.
This health check is built specifically for NDIS providers.
Plain-English questions covering PRODA portal security, client management systems, incident reporting, mobile workforce considerations, Practice Standards alignment, and the specific risks of handling vulnerable people's information. No technical jargon—designed so any provider can complete it and understand the results.
What You Receive
Every assessment generates a comprehensive report. Download a sample below.
Summary Report
Plain-English findings with scores, prioritised improvement plan, risk associations, and resources
Download Sample
Complete it in about 60 minutes. No technical knowledge required. Your data never leaves your device.
Who is this for?
Registered NDIS providers of all sizes—support coordinators, plan managers, therapy providers, support workers, and disability accommodation services. Business owners, managers, and compliance officers responsible for meeting Practice Standards. Any NDIS provider that handles participant information and wants to understand their cyber security posture.
Your Assessment Includes a Personal AI Security Advisor
Two AI assistants are built into the tool — one to help you during the assessment, one to help you make sense of your results. Like having a security professional on call.
Not sure what a question is asking? Just ask.
Every question in the assessment has an AI helper built in. Tap it and ask anything — "What does this question actually mean?", "Can you give me an example?", "Why does this matter for my business?" — and you'll get a plain-English explanation instantly.
- ✓ Explains technical concepts in everyday language
- ✓ Gives real-world examples relevant to your industry
- ✓ Never suggests how to answer — just helps you understand
- ✓ No technical background required to complete the assessment
Your Personal Security Advisor — available the moment you see your results.
Once your results are in, an AI security advisor has your full assessment in front of it and is ready to answer any question about what it means — in plain English, as if you're talking to a security professional.
- ✓ "Explain my highest risk gap in simple terms"
- ✓ "Walk me through how to fix action #3"
- ✓ "Which gaps are easiest to fix myself?"
- ✓ Ask anything — your advisor knows your specific results
No consultants. No jargon. No guesswork.
For the first time, small businesses get the same quality of guidance that used to cost hundreds of dollars an hour — built directly into the assessment.
Common Questions
Why do NDIS providers need to prioritise cyber security?
NDIS providers hold sensitive participant information including disability details, support plans, medical histories, and financial records. This data is protected under strict NDIS Commission requirements and the Privacy Act. Providers also access the NDIS myplace portal, creating credential fraud opportunities. A cyber incident can disrupt critical support services for vulnerable participants — making security both a compliance obligation and a duty of care.
What cyber security obligations apply to NDIS providers?
The NDIS Commission's Practice Standards require registered providers to protect the privacy and dignity of participants, which extends to their personal information. The Privacy Act 1988 applies to all providers collecting participant data. NDIS Quality and Safeguards requirements include demonstrating adequate information management systems. Providers with NDIS myplace portal access must protect their login credentials and report suspected misuse.
What does the NDIS Provider Health Check cover?
The health check covers NDIS myplace portal credential security, participant record and support plan protection, communication security with participants and families, case management software access controls, staff device and password management, incident and data breach response planning, and security practices specific to distributed support delivery environments.
What do I receive after completing the health check?
You receive a professional Word report with prioritised recommendations tailored to NDIS provider risks. The report documents your current security posture and improvement actions — suitable for sharing with the NDIS Commission if required, your compliance officer, or keeping on file as evidence of reasonable steps to protect participant information.
Further Reading
Cyber Security for NDIS Providers
Why NDIS providers must protect sensitive participant data, what the NDIS Commission Practice Standards require, and the controls that demonstrate compliance.