You said ·  Worried about the questionnaire

Industry ·  Mining services and technology

The insurance questionnaire is exposing gaps you cannot afford.

A cyber insurance renewal questionnaire has landed on your desk. The questions are sharper than the last one: MFA scope, Essential Eight maturity, incident response plans, patching cadence, backup testing, and offboarding procedures. A real answer surfaces gaps. Overanswering risks a declined claim later. We see this pattern across mining services firms every quarter.

What this usually looks like

What the questionnaire pressure looks like for mining services.

Prime contractors like BHP, Rio Tinto, and FMG are tightening their security packs. They demand Essential Eight ML1 self-attestation, MFA enforcement, and documented incident response. Your cyber insurer is now asking the same questions with less grace. You are a drone surveyor or geotech firm. Your IT is a mix of survey laptops, drone fleet management tools, and an ERP system. None of it was built for this level of scrutiny.

The gap is not just technical. It is evidential. The insurer wants proof of backup restoration. They want a named security contact. They want to see that offboarding actually revokes access. If your current setup relies on manual processes or ad-hoc tools, you cannot provide that proof. A 'no' or 'partial' answer here often triggers a premium hike or an exclusion clause.

The risk is real. If you claim 'yes' to a control you cannot demonstrate, the insurer may deny a ransomware payout. We have seen firms lose coverage because they could not produce logs or restoration records when the time came. The questionnaire is not a formality. It is a forensic audit before the event.

Where we'd start

Where we would start to stabilise your position.

  1. Step 01

    Audit the current posture against the insurer's checklist

    We map your existing controls to the insurer's specific questions. We identify where you have evidence and where you have gaps. This is not a theoretical review. We look at MFA implementation, EDR coverage, and backup integrity. We produce a gap analysis that tells you exactly what needs to change before the form is returned.

  2. Step 02

    Implement the non-negotiable controls

    We deploy MFA on all remote access and critical applications. We ensure endpoints are managed and under EDR. We verify that backups are immutable and testable. We document the incident response plan so it is not just a document but a procedure. These are the controls that keep your policy valid and your data safe.

  3. Step 03

    Prepare the evidence for the insurer

    We compile the evidence you need. This includes patching reports, MFA logs, and backup restoration records. We help you answer the questionnaire with confidence. We ensure that every 'yes' is backed by proof. This approach reduces the risk of a denied claim and demonstrates maturity to your prime contractors.

CCP's security floor

Every CCP client is covered by the Client Security Baseline.

The CSBO is our contractual security floor. MFA on everything that matters. Application control. Vulnerability management. Backups restored, not just scheduled. Account offboarding the same day someone leaves. Password management staff will adopt. Annual awareness training.

If you won't do the basics, we'd rather decline than take responsibility for an incident you chose to ignore.

  • Multi-factor authentication

    Phish-resistant MFA on everything that matters.

  • Application control

    Allowlisted applications. Nothing else runs.

  • Vulnerability management

    Known vulnerabilities remediated inside thirty days.

  • Tested backups

    Backups that have actually been restored, not just scheduled.

  • Same-day offboarding

    Account access cut the day someone leaves the business.

  • Password management

    A password manager your staff will actually use.

  • Awareness training

    Annual cybersecurity training. No one opts out.

  • The full baseline

    Eleven controls in total. Seven shown here. See what's included in Managed IT Complete.

Track record

Twenty years in. A hundred-plus clients. The numbers are load-bearing.


4.8 average · 46 reviews on Google

“The new investors are making us offshore IT. It sucks. You guys were perfect. I don't want to change.”
Paraphrased. A client forced to leave after an acquisition.

Our clients measure their tenure with us in years, not renewals. When they do have to leave (almost always because they've been acquired), they're sad about it. That's the metric that matters.

“Night and day working with CCP. They came in from day one, spent the time to ensure everything was set up and secure properly, and now everything just works. Due to the success we've had with them, we further engaged them to manage our phone systems and website. If you work with CCP you will never have to worry about your IT systems again.”
Trent Martin Google review

“We have been using CCP since the early 2000s and have always had great service on our 20-plus PCs and server. We recently moved to a managed service and cannot rate the experience highly enough. Well done Lee and team.”
Kelvin Mansfield Flexi Google review

“We have been continually impressed with CCP over the several years we have used them. They are extremely efficient, excellent customer service and well priced. I would recommend Lee and his team.”
ProcessWorx HR consulting, Perth Google review

The qualifier

Let's see if we're a fit.

Seven questions, one moment of your time. We'd rather tell you now than three months in.
