Essential Eight and Cybersecurity


At WebSurveyCreator, we take cybersecurity seriously. To provide assurance to our clients and users, we align our internal practices and infrastructure with the Essential Eight mitigation strategies as recommended by the Australian Signals Directorate (ASD).

Below is an overview of how we map our practices to each of the eight strategies:

| Essential Eight Strategy | Our Approach / Implementation | Notes & Monitoring |
| --- | --- | --- |
| 1. Application Control | We restrict execution of unapproved software within our server environments and production systems. Only vetted binaries and services may run. | We maintain a whitelist/allowlist strategy and perform regular reviews of installed software and dependencies. |
| 2. Patch Applications | All software, frameworks, libraries, and dependencies used in our platform are kept up to date, with security patches applied promptly. | We maintain a patch management schedule, track CVEs, and monitor for new vulnerabilities. |
| 3. Configure Microsoft Office Macro Settings | Although our core platform is a web application, for internal use we disable macros originating from untrusted sources and enforce strict macro policies on any Office documents. | Internal policy, combined with endpoint configuration enforcement. |
| 4. User Application Hardening | We enforce secure browser and client configurations. We disable or restrict risky features (e.g. script injection) and enforce secure defaults. | End-user clients connecting to our systems must meet baseline configurations. |
| 5. Restrict Administrative Privileges | We follow the principle of least privilege: administrative accounts are limited, segmented, and used only when needed. Day-to-day operations run under non-privileged accounts. | Access to admin functions is logged, reviewed, and requires elevated approvals. |
| 6. Patch Operating Systems | All operating systems (servers, virtual machines, containers) are kept current with security updates. Critical OS patches are applied within a defined timeframe. | Automated patching tools and monitoring are used, combined with periodic audits. |
| 7. Multi-Factor Authentication (MFA) | We enforce MFA for all administrative access, remote access, and for sensitive service accounts. | All login events involving privileged access require a second factor (e.g. authenticator app or token). |
| 8. Daily Backups | We perform regular backups of system data, configurations, and customer data. Backups are stored in secure, offsite, or segmented locations. | We test restore procedures periodically to ensure data integrity and availability. |

Maturity Levels & Continuous Improvement

We use the Essential Eight Maturity Model (Levels 0–3) to assess and uplift our controls over time. While some controls are already implemented at advanced maturity levels, we continuously review gaps, strengthen processes, and drive toward higher maturity across all strategies.

We perform internal audits and assessments regularly to confirm compliance, detect deviations, and remediate any weaknesses.