Cyber Health Check · For Australian aged care providers

Know where you stand on cyber.
In 10 business days. $4,950.

A fixed-fee independent Cyber Health Check for Australian aged care providers, aligned to the Strengthened Aged Care Quality Standards, Privacy Act and Essential Eight. Plain English. Board-ready. Delivered locally.

Fixed fee. No scope creep.
Clear Picture Guarantee
Sunshine Coast based

Does this sound familiar?

You have an assurance problem —
not a technology problem.

A data breach in aged care isn't an IT incident — it's a clinical, reputational and regulatory event. The Commission, your Board, your residents' families and the OAIC will all be looking for the same thing: evidence that you took it seriously.

What you get

A Cyber Health Check
built for aged care.

Ten business days. One clear report. One honest conversation. No 200-page doorstop. No scare-tactics funnel. No offshore audit team who've never set foot in an aged care home.

Regulatory alignment, made explicit

See exactly where you sit against Strengthened Quality Standard 8 (Governance), the Privacy Act, My Health Records Act and Essential Eight Maturity 1. No vague "you should do better" language.

An action plan, not a wish list

The top ten prioritised actions, sequenced by risk and effort. Something you can take to your Quality Committee on Monday and start actioning on Tuesday.

A Board-ready report

Written for your Board, Approved Provider governance forum and Quality Committee — not for a Security Operations Centre. Plain English. Evidence-linked. Defensible.

One advisor. No handoffs.

You deal with Daniel Johns for the entire engagement. No account manager, no junior consultant doing the real work, no sales-to-delivery handover. If something's unclear, you call me.

What's included

Everything. No scope creep.
No surprise invoice.

$4,950 + GST
Fixed fee · Ten business days · No scope creep

How it works

Three steps.
Ten business days.

One clear outcome: a Board-ready picture of where your service sits on cyber, and a prioritised plan for what to do next.

01

Book a 20-minute chat — no charge

We check fit. If Coastal Cyber isn't right for you, I'll tell you — and point you somewhere that is. No sales pitch. No deck.

02

The Health Check — ten business days

Structured interviews with leadership, your IT provider and key operational staff. Evidence review. Technical and governance controls assessment. Mapped to the Strengthened Quality Standards, Privacy Act and Essential Eight.

03

Board-ready report and debrief

A written report you can hand to your Board, plus a 60-minute debrief with your leadership team. Questions welcome. Defensive posturing optional.

Frequently asked

The questions everyone asks,
answered honestly.

We already have an MSP/IT provider managing our security. Why do we need this?
MSPs keep your systems running — that's their job, and a good one does it well. Independent assurance, regulatory alignment and evidence for your Board are a different job entirely. The Quality and Safety Commission expects independence. Your Board should too. A Health Check complements your MSP — it doesn't replace them.

We're a small provider. Is this really necessary?
The Strengthened Quality Standards apply to every approved provider, large or small. Smaller providers often carry more concentrated risk — one compromised email account can affect a higher proportion of residents. The Health Check is priced for smaller organisations on purpose.

What do I actually get for $4,950?
A defined, fixed-scope professional deliverables pack: an executive summary for your Board, a scored assessment against the ten non-negotiables with evidence notes, a prioritised 90-day / 6-month / 12-month remediation roadmap, a top-ten risk register, an Essential Eight Maturity 1 gap analysis sized for your insurer's attestation questions, and a one-page Board briefing sheet. It's a 10-business-day diagnostic, not a penetration test, full ISO 27001 certification or multi-month programme. If deeper work follows, that's a separate engagement on its own terms.

How much time will my team need to commit?
Roughly 6–8 hours of leadership and operational staff time, spread over the ten business days. Most interviews are 45–60 minutes. We work around your roster, not the other way around.

Do you work with our IT provider or replace them?
Work with them. I've yet to meet an MSP who objects to a second set of eyes on governance. Good MSPs welcome the clarity. The ones who don't — that's a signal worth noticing.

Who sees the report?
You do. Only you. The report is your property. You choose what to share with your Board, the Commission, your insurer or your MSP.

Are you insured?
Yes — professional indemnity and public liability cover held. Certificates of currency available on request before the engagement begins.

What happens after the Health Check?
Entirely your call. Some clients take the report, action the top 10 items with their MSP and come back in 12 months for a follow-up. Others want ongoing advisory — a monthly Virtual CISO (vCISO) retainer. Both options are fine. Neither is pushed.

The Clear Picture Guarantee

If, at the end of your debrief, you don't feel the Health Check gave you a clear picture of where you stand and what to do next, we'll refund your fee in full. No questions, no forms, no "but".

Twenty minutes.
No sales pitch.

A free 20-minute call to talk about your provider, your current cyber position, and whether a Health Check is the right next step for you. If it isn't, I'll tell you — and point you somewhere that is.

hello@coastalcyber.com.au
Sunshine Coast, QLD — on-site visits across SE Queensland