Author
Tim Harrison
Managing partner, CCP Australia
Managing partner, CCP Australia
Tim runs CCP. Twenty-five years in IT, twenty in voice and infrastructure, and a stubborn refusal to ship things he wouldn't want running on his own kit. Writes here about the operator side of running technology in Australia.
Posts by Tim Harrison
All newsCompliance
A Law Firm's Guide to Tranche 2 AML/CTF Obligations in 2026
AUSTRAC's Tranche 2 AML/CTF regime catches Australian law firms from 1 July 2026. Enrolment opens 31 March 2026, compliance officer registration closes 29 July 2026. An IT operator's guide to the systems, software and record-keeping the regime actually demands.
21 April 2026 · 9 min read
Cybersecurity
The Vercel breach started with someone installing Roblox cheats
A Context.ai employee searched for Roblox auto-farm scripts. Two months later, Vercel customers had their source code and credentials stolen. How one download became a supply chain breach, and what business owners should take from it.
20 April 2026 · 6 min read
Managed IT
CCP VOICE: our new cloud phone platform
We've launched CCP VOICE, our next-generation cloud PBX. Microsoft 365 and Teams integration, CRM connectors for HubSpot, Odoo, Salesforce and Dynamics, supervisor live-call tools, free migration.
14 April 2026 · 6 min read
Managed IT
Microsoft 365 price changes from 1 July 2026
Microsoft is changing Office 365 and Microsoft 365 prices from 1 July 2026. Plan-by-plan AUD estimates and what's bundled into the new pricing.
14 April 2026 · 3 min read
Compliance
An Accountant's Guide to Tranche 2 AML/CTF Obligations in 2026
AUSTRAC's Tranche 2 AML/CTF regime catches Australian accounting firms providing designated services from 1 July 2026. Enrolment opens 31 March 2026, AML/CTF programme due 30 June 2026, enrolment closes 29 July 2026. An IT operator's guide to the systems, software and record-keeping the regime actually demands of accounting practices.
7 April 2026 · 11 min read
Compliance
An RTO's Guide to the 2025 Standards for RTOs and Their IT Obligations in 2026
ASQA's 2025 Standards for RTOs replaced the 2015 Standards on 1 July 2025. Nine months in, the IT obligations the new framework actually demands of registered training organisations are clearer. An IT operator's guide to information management, recordkeeping, and the systems behind ASQA audit readiness.
5 March 2026 · 11 min read
Operations
AI makes the work faster. It might also make us worse at it.
A new study on AI-assisted coding: juniors finish two minutes faster and score 17 points lower on understanding. The trade behind AI productivity claims.
15 February 2026 · 3 min read
Compliance
Microsoft 365 Copilot now sends data to Anthropic by default. Here's how to think about it.
From 7 January 2026, Anthropic's Claude is enabled by default across Microsoft 365 Copilot. What that means for your data, your DPA register, and your governance posture.
18 December 2025 · 3 min read
Managed IT
AI is making your hardware more expensive, even if you don't use AI
DDR5 has tripled, SSDs are following, and your next hardware refresh will hurt. Why the AI buildout is making everyone's IT budget more expensive, regardless of whether you use AI.
15 December 2025 · 3 min read
Operations
When your vendor goes silent: lessons from reviving an open-source platform
What reviving an abandoned open-source telecom platform taught me about community, vendor lock-in, and what to do when the supplier you depend on stops talking.
5 September 2025 · 6 min read
Operations
The Pascua ruling: why offshore IT contractors just became a legal liability
The Fair Work Commission's Pascua ruling extended Australian employment protections to a Filipino remote worker. What it means for any business relying on offshore IT contractors.
15 June 2025 · 3 min read
Operations
New plans, a security floor, and the end of pay-by-the-hour.
Why we hold every client to a security floor, what's in our four new plans, and why we ended pay-by-the-hour managed IT. The May 2025 changes, explained.
31 May 2025 · 6 min read
Compliance
Mandatory Ransomware Reporting Starts 30 May: What the Cyber Security Act 2024 Asks Of You
The Cyber Security Act 2024's ransomware and cyber extortion payment reporting obligation commences 30 May 2025. Businesses carrying on in Australia with turnover above $3 million, plus critical-infrastructure entities, must report ransomware payments to Home Affairs within 72 hours. A practical guide to what the obligation captures, the Phase 1 education-first approach, and the systems work that makes reporting survivable.
2 May 2025 · 9 min read
Cybersecurity
$160,000 gone. $15,000 about to follow. How the crypto recovery scam works.
Pulling a Perth retiree back from a $15,000 crypto recovery scam, after she'd lost $160,000 to the original fraud. How the scam works, end to end.
15 April 2025 · 5 min read
Compliance
The Privacy Act Gets Its Teeth: What the 2024 Reforms Mean for Notifiable Data Breaches
The Privacy and Other Legislation Amendment Bill 2024 passed the Senate in late November and awaits Royal Assent. It brings a mid-tier civil penalty of up to $3.3 million for corporations, new OAIC infringement-notice powers, a statutory tort of serious privacy invasion, and a harder edge to the notifiable-data-breach regime. What that actually changes for Australian mid-market businesses.
28 November 2024 · 9 min read
Compliance
Directors on the Hook for Cyber: What the Section 180 Position Actually Is in 2024
ASIC's post-RI Advice enforcement posture puts cyber risk management squarely inside a director's section 180 duty of care. The stepping-stone liability approach means a company cyber failure can land on directors personally. What the position actually requires of Australian company directors in 2024.
15 August 2024 · 8 min read