Skip to content
Change industry

You said ·  We had a breach or close call

Industry ·  RTO or education

A breach just happened and we need to stop it from happening again.

The invoice redirection hit the accounts team. Or the phishing link bypassed your email gateway. Or the ransomware tried to encrypt the VETtrak database. The first hour is about containment. The first week is about evidence preservation. The first month is about proving to your regulator that you have fixed the hole.

See if we're a fit More on rto or education

What this usually looks like

What a security incident looks like for an RTO.

You are holding sensitive data under the Privacy Act and state funding requirements. A Business Email Compromise might have diverted training fees. A leaked credential set could expose USI records. The immediate fear is financial loss. The longer-term fear is ASQA scrutiny under the 2025 Standards effective 1 July 2025.

Your stack includes aXcelerate, Wisenet, and VETtrak. These are not hardened by default. If an attacker gains access to an admin account, they can alter student results, manipulate attendance, or export personal data. The cyber insurance questionnaire from your state funding body will ask about your incident response plan. If you do not have one, your premium jumps or coverage drops.

The pain is not just technical. It is administrative. You need to notify affected students. You need to report to ASQA if there is a breach of the Registered Training Organisations Standards. You need to restore AVETMISS submissions without losing data integrity. Panic leads to bad choices. A structured response leads to recovery.

Where we'd start

What we would do in the first fourteen days.

  1. Step 01

    Contain and preserve evidence

    We isolate the compromised endpoints and revoke active sessions immediately. We preserve logs from your email gateway, firewall, and VET management systems. We work with your cyber insurance provider to ensure the response is covered. We stop the bleed before we start the repair. This protects your legal position and your data.

  2. Step 02

    Secure the VET data environment

    We audit access to aXcelerate, Wisenet, and VETtrak. We enforce MFA on all administrative accounts. We check for persistence mechanisms like rogue API keys or scheduled tasks. We verify backup integrity for USI and student records. We ensure the systems are clean before we restore operations. We do not trust the previous state.

  3. Step 03

    Document the response for ASQA

    We produce a clear timeline of events and actions taken. We map the incident to the Essential Eight maturity levels. We create a remediation plan that aligns with the 2025 Standards. We help you draft the notification if required. We turn a security failure into a compliance demonstration. This is how you regain trust.

CCP's security floor

Every CCP client is covered by the Client Security Baseline.

The CSBO is our contractual security floor. MFA on everything that matters. Application control. Vulnerability management. Backups restored, not just scheduled. Account offboarding the same day someone leaves. Password management staff will adopt. Annual awareness training.

If you won't do the basics, we'd rather decline than take responsibility for an incident you chose to ignore.

  • Multi-factor authentication

    Phish-resistant MFA on everything that matters.

  • Application control

    Allowlisted applications. Nothing else runs.

  • Vulnerability management

    Known vulnerabilities remediated inside thirty days.

  • Tested backups

    Backups that have actually been restored, not just scheduled.

  • Same-day offboarding

    Account access cut the day someone leaves the business.

  • Password management

    A password manager your staff will actually use.

  • Awareness training

    Annual cybersecurity training. No one opts out.

  • The full baseline

    Eleven controls in total. Seven shown here. See what's included in Managed IT Complete.

Track record

Twenty years in. A hundred-plus clients. The numbers are load-bearing.

Years in business
0+
Loved clients
0+
Aussie techs
0%

4.8 average · 46 reviews on Google

“The new investors are making us offshore IT. It sucks. You guys were perfect. I don't want to change.”
Paraphrased. A client forced to leave after an acquisition.

Our clients measure their tenure with us in years, not renewals. When they do have to leave (almost always because they've been acquired), they're sad about it. That's the metric that matters.

“Night and day working with CCP. They came in from day one, spent the time to ensure everything was set up and secure properly, and now everything just works. Due to the success we've had with them, we further engaged them to manage our phone systems and website. If you work with CCP you will never have to worry about your IT systems again.”
Trent Martin Google review
“We have been using CCP since the early 2000s and have always had great service on our 20-plus PCs and server. We recently moved to a managed service and cannot rate the experience highly enough. Well done Lee and team.”
Kelvin Mansfield Flexi Google review
“We have been continually impressed with CCP over the several years we have used them. They are extremely efficient, excellent customer service and well priced. I would recommend Lee and his team.”
ProcessWorx HR consulting, Perth Google review
See if we're a fit

The qualifier

Let's see if we're a fit.

Seven questions, one moment of your time. We'd rather tell you now than three months in.

Step 1 of 7

How big is your team?

Counting everyone: staff, contractors, anyone with an account.
See if we're a fit