ESSENTIAL EIGHT AUDIT

Get Your Essential Eight Audit Free
Save Up to $15,000 on a 12-month Plan

See exactly where you stand across all 8 controls within days — from control analysis and prioritised remediation roadmap through to your target maturity level in 4 to 12 weeks.

FABIAN ROSS
CEO
Basketball WA
Basketball WA exists to grow the game but behind the scenes, we're also custodians of personal information for tens of thousands of members, many of them children. That responsibility rests with us, and we need to take it seriously. DefenderSuite gave us the structure, the controls, and the confidence to know we're protecting that data the way we should be. It's not just a compliance checkbox, it genuinely changed how we think about our obligations.
Maria Reid
General Manager
Companion Home Care
Our team's focus belongs on the people in our care, not on managing IT security. Knowing that side of the business is handled properly, and that we can demonstrate it when partners or regulators ask, has made a real difference to how we operate. It's one less thing to carry, and that matters in an industry where your attention should never be divided.

ASD

Australian
Signals
Directorate

ACSC

Australian
Cyber Security
Centre

70%

of Australian Government entities audited their suppliers' security in 2025 — using Essential Eight Maturity Level 2 as the benchmark.
Australian Signals Directorate
Commonwealth Cyber Security Posture 2025
Luis Alegria
IT Manager
Ultimo Catering
As we've expanded our on-demand ordering and digital presence, the volume of client and financial data moving through our systems has grown significantly. We needed our security to keep pace with that growth. DefenderSuite gave us the framework to scale confidently, knowing that side of the business is handled properly as we continue to grow.
Christelda Mott
Director
Superior Business Tax
As a CA registered practice and registered tax agent, our obligations to the ATO and our professional body are significant. The data we handle sits at the intersection of some of Australia's strictest regulatory requirements. DefenderPro gave us the compliance framework to meet those obligations digitally with the same seriousness we apply to every other aspect of our practice.

84,700

cybercrime reports were filed in Australia in FY2024–25 — one every six minutes, as cyber threats continue to rise in frequency and cost.
Australian Signals Directorate
Annual Cyber Threat Report 2024–25

200+

ASSESSMENTS

98%

SATISFACTION

<12h

RESPONSE TIME

24/7

MONITORING

EVERY ASSESSMENT INCLUDES

Maturity
Snapshot

Rated against all 8 controls

Gap
Priorities

Ranked by impact and severity

Action
Plan

Your next steps, prioritised

Get Started With Your Free Essential Eight Audit

Submit in 30 seconds. We’ll be in touch within 1 business day

Thank you

Thanks for reaching out. We will get back to you soon.
Oops! Something went wrong while submitting the form.

Why Essential Eight Audits Matter

20% Lower Insurance Premiums

Documented Essential Eight controls are the primary factor in lower cyber premiums.

70% of Gov Entities Audit Suppliers

Most government suppliers are checked against Essential Eight Maturity Level 2.

$56,600 Average Breach Cost

The equivalent of three or more years of full DefenderSuite monitoring and protection.

Audits Typically Cost $5,000–$15,000
Yours Is Included Free

What other firms charge thousands for upfront, DefenderSuite includes on a 12-month plan — audit, remediation roadmap and ongoing management, all in one.

Standalone assessments

$5k–$15k

Paid upfront, before any remediation begins. With no implementation support included.

Remediation quoted as separate cost

Multiple vendors, multiple invoices

Evidence outdated at next renewal

No single owner for your outcome

No clear timeline when controls go live

With DefenderSuite | 12-month plan

$0 – Free

One accountable partner from assessment to compliance. All included in your monthly plan.

Controls deployed with no disruption

Cybersecurity and compliance bundled

Continuous evidence as standard

Assessment actioned from day one

Maturity Level 1, 2 or 3 in 4–12 weeks

What An Essential Eight Audit Tests

Each control is assessed against the ACSC maturity model at Level 1, 2, and 3. Here's what auditors look for — and what the audit finds in most Australian environments.

01 \ Application Control

Malicious or unauthorised software executing in your environment — from untrusted installers to unknown scripts running unchecked.

Whether your approval controls are actively enforced across every device and server, or exist only on paper.

02 \ Patch Applications

Known software vulnerabilities being exploited before your business has had a chance to close them.

Whether critical patches are applied within the required timeframes — across browsers, plugins, line-of-business applications, and anything else running in your environment.

03 \ Microsoft Office Macro Settings

Malicious code embedded in Office documents from executing in your environment — one of the most common entry points for ransomware and phishing attacks.

Whether macro settings are enforced through policy across your entire environment, and whether macros from untrusted sources are blocked regardless of who requests them.

04 \ User Application Hardening

Attacks delivered through browsers and document readers — exploiting features most users never need but leave enabled by default.

Whether dangerous browser and application features are disabled and locked across every managed device — and whether users can override those settings themselves.

05 \ Restrict Administrative Privileges

Attackers gaining elevated access to your environment by compromising an account with more permissions than it needs.

How many accounts hold administrative privileges, whether those accounts are used for daily tasks like email and browsing, and whether privilege is regularly reviewed and revoked when no longer required.

06 \ Patch Operating Systems

Attackers exploiting known vulnerabilities in your operating systems — particularly on internet-facing systems where exposure is highest.

Whether critical operating system patches are applied within required timeframes across every device and server in your environment, verified against patch deployment logs — not self-reported timelines.

07 \ Multi-Factor Authentication

Unauthorised access to your systems and data through compromised credentials — the most common initial access method in Australian cyber incidents.

Whether multi-factor authentication is enforced across all remote access, internet-facing services, and privileged accounts — and whether legacy authentication protocols that bypass it have been disabled.

08 \ Regular Backups

Permanent data loss and extended downtime following a ransomware attack or system failure — where recovery depends entirely on the integrity of your backups.

Whether backups are current, stored in isolation from the systems they protect, and whether restoration has been tested — not assumed. An untested backup is treated as a backup that doesn't exist.

DefenderSuite Delivers Essential Eight Compliance & Cybersecurity in One Plan

Continuous protection, active control management and monthly compliance reporting — all delivered by a single managed platform, with the evidence to support insurers, government contracts and board reporting.

Managed
Security

Protection across your devices, email and people.

Continuously monitored and managed by our team.

Microsoft 365
Security

Purpose-built for your Microsoft 365 environment.

Accounts, files and sensitive data kept protected.

Compliance
Governance

Frameworks and reporting across all your obligations.

Aligned to every Australian standard you must meet.

Insurance
Readiness

Evidence and reporting formatted for your insurer.

Prepared for applications, renewals and reviews.

Essential Eight Levels 1 – 3

Security environments aligned to defined maturity levels with progression built in

4 – 12 Week Onboarding

Environments onboarded, hardened, and security controls deployed within weeks

Security Control Deployment

Application control, patching, MFA, and privilege management implemented

50% + Secure Score Uplift

Security posture hardened to improve Microsoft Secure Score

Australian Government Alignment

Security controls aligned to government cybersecurity expectations and standards

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Essential Eight Levels 1 – 3

Security environments aligned to defined maturity levels with progression built in

4 – 12 Week Onboarding

Environments onboarded, hardened, and security controls deployed within weeks

Security Control Deployment

Application control, patching, MFA, and privilege management implemented

50% + Secure Score Uplift

Security posture hardened to improve Microsoft Secure Score

Australian Government Alignment

Security controls aligned to government cybersecurity expectations and standards

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Essential Eight Levels 1 – 3

Security environments aligned to defined maturity levels with progression built in

4 – 12 Week Onboarding

Environments onboarded, hardened, and security controls deployed within weeks

Security Control Deployment

Application control, patching, MFA, and privilege management implemented

50% + Secure Score Uplift

Security posture hardened to improve Microsoft Secure Score

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Essential Eight Levels 1 – 3

Security environments aligned to defined maturity levels with progression built in

4 – 12 Week Onboarding

Environments onboarded, hardened, and security controls deployed within weeks

Security Control Deployment

Application control, patching, MFA, and privilege management implemented

50% + Secure Score Uplift

Security posture hardened to improve Microsoft Secure Score

Australian Government Alignment

Security controls aligned to government cybersecurity expectations and standards

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Essential Eight Levels 1 – 3

Security environments aligned to defined maturity levels with progression built in

4 – 12 Week Onboarding

Environments onboarded, hardened, and security controls deployed within weeks

Security Control Deployment

Application control, patching, MFA, and privilege management implemented

50% + Secure Score Uplift

Security posture hardened to improve Microsoft Secure Score

Australian Government Alignment

Security controls aligned to government cybersecurity expectations and standards

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Essential Eight Levels 1 – 3

Security environments aligned to defined maturity levels with progression built in

4 – 12 Week Onboarding

Environments onboarded, hardened, and security controls deployed within weeks

Security Control Deployment

Application control, patching, MFA, and privilege management implemented

50% + Secure Score Uplift

Security posture hardened to improve Microsoft Secure Score

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Monthly Compliance Reporting

Clear reporting to track security posture and compliance maturity

Audit To Essential Eight Compliance in Three Managed Steps

From audit to compliance, everything is handled by a dedicated team — no external assessors, no separate remediation quotes, no coordination on your end.

Essential Eight Audit

Our team assesses your environment across all 8 controls against the ACSC methodology. Formal findings delivered within days.

Managed Remediation

Controls are deployed and managed directly against your audit findings, closing every gap to achieve your target maturity level.

Ongoing Compliance

Managed cybersecurity and Essential Eight compliance — monthly reporting keeps your maturity level maintained and evidenced.

Get your Essential Eight audit free — included on a 12-month DefenderSuite plan.

No upfront assessment fee.
No separate remediation engagement.
One subscription delivers all three.

Request Your Free Audit →

Scope subject to findings
12-month commitment
10-user minimum

Compare DefenderSuite Plans

Foundational
Cybersecurity & Compliance

Small to Medium Businesses

From

We’ll recommend the right plan after your assessment.

Plan Inclusions
Fundamental Controls Plus

Endpoint Protection & Response (EDR)
24/7 Security Monitoring
Email & Phishing Protection
Automated Patching & Updates
Compliance Alignment
Baseline Cyber Readiness
SMB1001 Alignment Readiness
Request Your Free Audit

Advanced
Cybersecurity & Compliance

Small to Medium Businesses

From

We’ll recommend the right plan after your assessment.

Plan Inclusions
Everything DefenderBasic Plus

Microsoft 365 Managed Security
1 TB CloudSafe Storage
Secure Access Verification (MFA)
Identity & Access Management
Monthly Security Reporting
Compliance Alignment
Essential Eight Level 1
SMB1001 Alignment Level 2
Microsoft Secure Score
Target of ≥ 40%
Request Your Free Audit

Complete
Cybersecurity & Compliance

Medium to Large Businesses

Most Popular

From

We’ll recommend the right plan after your assessment.

Plan Inclusions
Everything DefenderCore Plus

Managed Detection & Response (MDR)
2 TB CloudSafe Storage
User Training & Security Testing
Data Loss Prevention (DLP)
Identity Threat Protection (ITP)
Compliance Alignment
Essential Eight Level 2
SMB1001 Alignment Level 4
Microsoft Secure Score
Target of ≥ 65%
ISM & PSPF Alignment
ASD Hardening & Blueprint for Secure Cloud Alignment
Request Your Free Audit

Comprehensive
Cybersecurity & Compliance

Regulated Industries & Enterprises

From

We’ll recommend the right plan after your assessment.

Plan Inclusions
Everything DefenderPro Plus

Advanced Threat Hunting
& Forensics
Secure Password Vault
3 TB CloudSafe Storage
Comprehensive Monthly
Security Reporting
Compliance Alignment
Essential Eight Level 3
SMB1001 Alignment Level 5
Microsoft Secure Score
Target of ≥ 80%
ISM & PSPF Fully Aligned
ASD Hardening & Blueprint for Secure Cloud Fully Aligned
Request Your Free Audit

FAQs About The Essential Eight Audit

Covering scope, methodology, deliverables, and what happens once your audit is complete.

Need To Speak With A Specialist?

Phone
+ 61 1300 93 77 49
What does the Essential Eight audit cover?

The audit assesses your environment across all 8 Essential Eight controls — application control, patch management, macro settings, user application hardening, administrative privileges, operating system patching, multi-factor authentication, and backups. Each control is assessed at Maturity Level 1, 2, and 3 against the ACSC's published criteria.

How is the audit conducted?

Your environment is assessed directly — not through a self-reported questionnaire. Our team reviews your configurations, systems, and controls against the ACSC Essential Eight assessment methodology, with evidence collected per control at each maturity level threshold.

What do I receive at the end of the audit?

Four documents: a maturity assessment report scored across all 8 controls, a gap analysis with prioritised remediation findings, an executive summary formatted for board reporting, and an evidence pack structured for insurer submissions, government procurement, and DISP assessments.

What happens once the audit is complete?

For 12-month DefenderSuite subscribers, your remediation roadmap becomes the implementation plan for your plan's onboarding. Controls are deployed against your audit findings and monitored continuously, with monthly compliance reports tracking your progress against your target maturity level.

Which other compliance frameworks do you support?

DefenderSuite aligns to Australia's leading security frameworks including Essential Eight, the Information Security Manual (ISM), Protective Security Policy Framework (PSPF), SMB1001, ASD Hardening Guidelines, ASD Blueprint for Secure Cloud, and the Cyber Security Act. The tier you choose determines the maturity level achieved across each framework.

Trusted by Security-Conscious Businesses

COMPLIANCE CONFIDENCE

As a CA registered practice and registered tax agent, our obligations to the ATO and our professional body are significant. The data we handle sits at the intersection of some of Australia's strictest regulatory requirements. DefenderPro gave us the compliance framework to meet those obligations digitally with the same seriousness we apply to every other aspect of our practice.

Christelda Mott
Director
Superior Business Tax

SECURITY THAT SCALES

As we've expanded our on-demand ordering and digital presence, the volume of client and financial data moving through our systems has grown significantly. We needed our security to keep pace with that growth. DefenderSuite gave us the framework to scale confidently, knowing that side of the business is handled properly as we continue to grow.

Luis Alegria
IT Manager
Ultimo Catering

ONE LESS THING TO CARRY

Our team's focus belongs on the people in our care, not on managing IT security. Knowing that side of the business is handled properly, and that we can demonstrate it when partners or regulators ask, has made a real difference to how we operate. It's one less thing to carry, and that matters in an industry where your attention should never be divided.

Maria Reid
General Manager
Companion Home Care

SECURE ACROSS EVERY SITE

Running FIFO and regional projects means our people, devices and data are constantly moving across some of WA's most remote sites. We needed to know our systems were secure regardless of where the work took us. DefenderPro handles that without us having to think about it, and the peace of mind that comes with that is worth more than we expected.

Jessica Garthshore
Managing Director
Maintain Group

REFLECTING CLIENT TRUST

DefenderPro raised the standard of how we demonstrate our professional obligations. The clients who come to Equiti do so because they trust us with their financial affairs completely, and maintaining that trust means holding ourselves to the highest standard across everything we do. DefenderPro gave us the compliance framework, the controls and the audit-ready reporting to reflect that standard clearly.

Carolyn Taylor
Personal Assistant
Equiti Partners

PROVEN ACCOUNTABILITY

Operating under the NDIS and Aged Care frameworks means our compliance obligations are significant, and data protection is a core part of that. We hold sensitive information for hundreds of clients, many of them elderly or living with disability. DefenderPro gave us Essential Eight Level 2 compliance, 24/7 managed protection, and monthly reporting we can take to our board and regulators with confidence.

Janice Early
General Manager
Prime Care Partners

Essential Eight Compliance Starts Here

Whether you're meeting a contract requirement, satisfying an insurer or demonstrating compliance to government — book your free assessment and know where you stand within days.

ASD

Australian
Signals
Directorate

ACSC

Australian
Cyber Security
Centre

70%

of Australian Government entities audited their suppliers' security in 2025 — using Essential Eight Maturity Level 2 as the benchmark.
Australian Signals Directorate
Commonwealth Cyber Security Posture 2025

Prefer to speak with a specialist first?

Phone
+ 61 1300 93 77 49