Skip to content
Change industry

You said ·  DIY IT is no longer working

Industry ·  Not-for-profit

Your DIY IT setup has reached its limit.

Many Australian not-for-profits start with a well-meaning volunteer or a part-time admin handling the laptops and passwords. It works until the team grows past twenty people. Then the patchwork of cloud accounts, shared drives, and ad-hoc access becomes a liability. You face pressure from the ACNC, grant funders, and the Privacy Act all at once. The informal approach no longer protects your mission.

See if we're a fit More on not-for-profit

What this usually looks like

What the gap looks like in the not-for-profit sector.

You are managing donor data through platforms like DonorPerfect or Salesforce NPSP while relying on personal devices and unmanaged accounts. Volunteer access is often granted via shared logins or email forwards. There is no formal offboarding process, so former staff or volunteers retain access long after they leave.

Grant funders now routinely demand evidence of Cyber Essentials or Essential Eight alignment. The ACNC expects you to protect donor information under the Privacy Act. You are expected to answer these questions without a dedicated security team or a clear audit trail.

The risk is not just technical. It is reputational. A breach of donor data or a ransomware event that halts operations can damage trust and funding eligibility. The cost of fixing this after a failure is far higher than building a proper baseline now.

Where we'd start

Where we start with your environment.

  1. Step 01

    Secure the identity layer

    We enforce MFA on all critical systems, including Xero, donor databases, and email. We map out who needs access to what and remove old accounts immediately. This stops the most common entry point for attackers without disrupting your daily work.

  2. Step 02

    Stabilise the endpoint and data

    We manage all staff and volunteer devices centrally. This ensures patches are applied and backups are running. We test your backups by restoring files, not just checking a log. This gives you the evidence grant funders require.

  3. Step 03

    Document for compliance and growth

    We produce a simple security posture report aligned with Essential Eight basics. This helps you meet ACNC expectations and funder conditions. We also map your current tools to show where gaps exist, so you can budget for fixes in your next financial plan.

CCP's security floor

Every CCP client is covered by the Client Security Baseline.

The CSBO is our contractual security floor. MFA on everything that matters. Application control. Vulnerability management. Backups restored, not just scheduled. Account offboarding the same day someone leaves. Password management staff will adopt. Annual awareness training.

If you won't do the basics, we'd rather decline than take responsibility for an incident you chose to ignore.

  • Multi-factor authentication

    Phish-resistant MFA on everything that matters.

  • Application control

    Allowlisted applications. Nothing else runs.

  • Vulnerability management

    Known vulnerabilities remediated inside thirty days.

  • Tested backups

    Backups that have actually been restored, not just scheduled.

  • Same-day offboarding

    Account access cut the day someone leaves the business.

  • Password management

    A password manager your staff will actually use.

  • Awareness training

    Annual cybersecurity training. No one opts out.

  • The full baseline

    Eleven controls in total. Seven shown here. See what's included in Managed IT Complete.

Track record

Twenty years in. A hundred-plus clients. The numbers are load-bearing.

Years in business
0+
Loved clients
0+
Aussie techs
0%

4.8 average · 46 reviews on Google

“The new investors are making us offshore IT. It sucks. You guys were perfect. I don't want to change.”
Paraphrased. A client forced to leave after an acquisition.

Our clients measure their tenure with us in years, not renewals. When they do have to leave (almost always because they've been acquired), they're sad about it. That's the metric that matters.

“Night and day working with CCP. They came in from day one, spent the time to ensure everything was set up and secure properly, and now everything just works. Due to the success we've had with them, we further engaged them to manage our phone systems and website. If you work with CCP you will never have to worry about your IT systems again.”
Trent Martin Google review
“We have been using CCP since the early 2000s and have always had great service on our 20-plus PCs and server. We recently moved to a managed service and cannot rate the experience highly enough. Well done Lee and team.”
Kelvin Mansfield Flexi Google review
“We have been continually impressed with CCP over the several years we have used them. They are extremely efficient, excellent customer service and well priced. I would recommend Lee and his team.”
ProcessWorx HR consulting, Perth Google review
See if we're a fit

The qualifier

Let's see if we're a fit.

Seven questions, one moment of your time. We'd rather tell you now than three months in.

Step 1 of 7

How big is your team?

Counting everyone: staff, contractors, anyone with an account.
See if we're a fit