Skip to content
Change industry

You said ·  Worried about the questionnaire

Industry ·  Construction and engineering

The insurance questionnaire is sharper than last year.

Your cyber insurance renewal has arrived with questions that go deeper than before. MFA scope, Essential Eight maturity, and incident response timelines are now standard. A defensible answer surfaces the gaps in your current setup. Overanswering risks a declined claim when the policy kicks in. This is common for construction firms managing multiple site networks and mobile workforces.

See if we're a fit More on construction and engineering

What this usually looks like

What this looks like in Australian construction and engineering.

Head contractors like Lendlease, Multiplex, and CPB demand Essential Eight ML1 self-attestation. Your own insurer now asks for the same evidence before issuing a certificate. If you use Procore or Aconex, the insurer wants to know how identity is managed across those platforms. The pressure is real and immediate.

Construction firms often have fragmented IT. Site connectivity varies. Mobile workforces mean devices are rarely in one place. Offboarding a site foreman might leave a laptop with access to Jobpac or BuildSoft unmonitored for months. This creates blind spots that insurers spot quickly during their risk assessment.

The mandatory ransomware reporting rule for turnover over $3M adds urgency. You need a documented incident response plan that works on a construction site, not just in an office. Without it, you cannot satisfy the insurer or the regulator. The gap between what you have and what is asked is where the risk lives.

Where we'd start

Where we start to fix the gaps.

  1. Step 01

    Audit the current posture against the questionnaire

    We map your current controls to the specific questions in your insurer's pack. We check MFA coverage for all cloud services and remote access. We verify that your EDR covers every endpoint, including site laptops. We review your backup strategy and confirm you can restore data within the timeframes the insurer requires.

  2. Step 02

    Close the identity and access gaps

    We enforce MFA on all administrative accounts and remote access points. We implement automated offboarding so licences are revoked the moment a staff member leaves. We ensure your HR system triggers these changes for tools like Autodesk Construction Cloud and Cheops. This reduces the attack surface and satisfies the insurer's identity requirements.

  3. Step 03

    Document the incident response and patching

    We write a clear incident response plan that fits your operational reality. We set up automated patching for critical systems and verify the logs. We test your backups with a full restore exercise. We provide you with the evidence you need to back every answer on the questionnaire. This builds trust with your insurer and protects your claims eligibility.

CCP's security floor

Every CCP client is covered by the Client Security Baseline.

The CSBO is our contractual security floor. MFA on everything that matters. Application control. Vulnerability management. Backups restored, not just scheduled. Account offboarding the same day someone leaves. Password management staff will adopt. Annual awareness training.

If you won't do the basics, we'd rather decline than take responsibility for an incident you chose to ignore.

  • Multi-factor authentication

    Phish-resistant MFA on everything that matters.

  • Application control

    Allowlisted applications. Nothing else runs.

  • Vulnerability management

    Known vulnerabilities remediated inside thirty days.

  • Tested backups

    Backups that have actually been restored, not just scheduled.

  • Same-day offboarding

    Account access cut the day someone leaves the business.

  • Password management

    A password manager your staff will actually use.

  • Awareness training

    Annual cybersecurity training. No one opts out.

  • The full baseline

    Eleven controls in total. Seven shown here. See what's included in Managed IT Complete.

Track record

Twenty years in. A hundred-plus clients. The numbers are load-bearing.

Years in business
0+
Loved clients
0+
Aussie techs
0%

4.8 average · 46 reviews on Google

“The new investors are making us offshore IT. It sucks. You guys were perfect. I don't want to change.”
Paraphrased. A client forced to leave after an acquisition.

Our clients measure their tenure with us in years, not renewals. When they do have to leave (almost always because they've been acquired), they're sad about it. That's the metric that matters.

“Night and day working with CCP. They came in from day one, spent the time to ensure everything was set up and secure properly, and now everything just works. Due to the success we've had with them, we further engaged them to manage our phone systems and website. If you work with CCP you will never have to worry about your IT systems again.”
Trent Martin Google review
“We have been using CCP since the early 2000s and have always had great service on our 20-plus PCs and server. We recently moved to a managed service and cannot rate the experience highly enough. Well done Lee and team.”
Kelvin Mansfield Flexi Google review
“We have been continually impressed with CCP over the several years we have used them. They are extremely efficient, excellent customer service and well priced. I would recommend Lee and his team.”
ProcessWorx HR consulting, Perth Google review
See if we're a fit

The qualifier

Let's see if we're a fit.

Seven questions, one moment of your time. We'd rather tell you now than three months in.

Step 1 of 7

How big is your team?

Counting everyone: staff, contractors, anyone with an account.
See if we're a fit