π‘οΈ Essential Eight Compliance Management (MVP)¶
What It Does¶
GetCimple helps Australian businesses track and improve their Essential Eight maturity levels to meet ACSC requirements and reduce cyber risk.
Core Featurest¶
1. Maturity Assessment¶
- Simple questionnaire for each Essential Eight control
- Automatic scoring (Level 0-3)
- Visual dashboard showing current state
- Gap analysis against target levels
2. Evidence Management¶
- Upload screenshots and documents
- Link evidence to specific controls
- Track evidence currency
- One place for audit preparation
3. Progress Tracking¶
- Monthly progress updates
- Before/after comparisons
- Identify quick wins
- Focus on highest risks
Assessment Process (Quarterly)¶
-
Update Assessment (2 hours)
-
IT staff answer questions
- Upload new evidence
-
System calculatest scores
-
Review Results (30 mins)
-
Management reviews dashboard
- Identify improvement areas
-
Set priorities for next quarter
-
Board Reporting (Automatic)
- E8 status in director reports
- Progress since last quarter
- Risk areas highlighted
The 8 Controls We Track¶
- Application Control - Whitelisting
- Patch Applications - Critical updates
- Microsoft Office Macros - Blocking malicious code
- User Application Hardening - Browser security
- Admin Privileges - Limiting access
- Patch Operating Systems - OS updates
- Multi-factor Authentication - Strong login
- Backups - Ransomware protection
Target Maturity Levels¶
- Government Suppliers: Level 2+ mandatory
- Critical Infrastructure: Level 3 recommended
- General Business: Level 1 minimum
Business Value¶
- Meet ACSC compliance requirements
- Reduce ransomware risk by 85%+
- Clear roadmap for improvement
- Evidence ready for audits
MVP Limitations¶
- Manual evidence upload (no API integration yet)
- Quarterly assessments (not real-time)
- Standard ACSC framework only
Good enough to demonstrate compliance and guide improvements.