StartCloud helps Perth ICT suppliers and contractors meet the cyber security expectations of the WA Government Cyber Security Policy 2024, which holds state agencies, universities, and Government Trading Enterprises to the ACSC Essential Eight at Maturity Level One. The policy does not blanket-mandate Essential Eight for suppliers, but agencies flow those expectations down through tender questions, contract clauses, and risk assessments (including on the CUAICTS2021 ICT services panel). Services include Essential Eight gap assessments, implementation to Maturity Level One, compliance and evidence documentation, 24/7 SOC monitoring, and penetration testing, from a Balcatta-based managed security service provider.
- Home
- Cybersecurity
- Essential Eight
- WA Government Contractors
Essential Eight for WA Government Contractors & Suppliers
If you sell to, or run systems for, Western Australian government agencies, their security expectations land on you too. The WA Government Cyber Security Policy holds agencies to the ACSC Essential Eight, and that flows down to the contractors and suppliers who handle their data. We help Perth businesses meet Maturity Level One and prove it, so security strengthens your next bid instead of sinking it.
How We Help WA Government Suppliers
Essential Eight Gap Assessment
An honest read of where you sit against all eight strategies today, mapped to Maturity Level One, with a plain-English list of what needs closing.
Implementation to Maturity Level One
We do the unglamorous work: application control, patching, macro settings, hardening, admin restriction, MFA, and tested backups.
Compliance & Risk Management
Evidence, documentation, and reporting you can hand to an agency, an auditor, or a tender panel without scrambling.
24/7 SOC Monitoring
Round-the-clock threat monitoring from our Security Operations Centre, so someone is watching the alerts your clients expect you to watch.
Penetration Testing
Independent testing that finds the exploitable gaps before an attacker or an agency's security review does.
Virtual CIO for Tender Readiness
Strategic help getting your security posture, policies, and evidence into shape ahead of a bid or a contract renewal.
Why StartCloud
We Understand WA Public Sector Expectations
We work with the frameworks the state actually uses: the ACSC Essential Eight, the WA Government Cyber Security Policy, and the risk questions that come up in ICT procurement.
Security-First, Not Security-Later
We are a managed security service provider (MSSP), not an MSP that bolts security on afterwards. Essential Eight is core work for us, not a side project.
Evidence You Can Actually Show
Meeting a maturity level is one thing. Proving it to an agency or an auditor is another. We build the documentation as we go so you are never caught short.
Right-Sized for SMB Suppliers
Most WA government suppliers are not enterprises. We size Essential Eight work for businesses of 10 to 200 staff who need to be credible without an enterprise budget.
What the WA Government Cyber Security Policy Actually Requires
The Western Australian Government Cyber Security Policy 2024 sets a baseline that state entities are expected to meet. It aligns to the Australian Cyber Security Centre's Essential Eight at Maturity Level One (the November 2022 model), draws on components of the NIST Cyber Security Framework, and adds a further set of controls the state refers to as the Further Five.
It applies to a broad group: public sector agencies under the Public Sector Management Act 1994, Schedule 1 entities, the state's universities, and Government Trading Enterprises. The policy is overseen by the Office of Digital Government (DGov) and its Cyber Security Unit.
Progress has been steady rather than instant. When the Office of the Auditor General examined implementation in 2023, none of the ten entities it audited had reached Maturity Level One across every one of the eight controls. That is worth knowing, because it tells you the bar is real, it is being measured, and it is not something agencies are quietly ignoring.
What This Means If You Sell To or Service WA Government
Here is the honest version, because there is a lot of loose talk about this. The policy binds government entities, not every business that sells to them. Being on the state's ICT services panel, CUAICTS2021, does not currently make Essential Eight a blanket, tick-this-box requirement for contractors, and anyone telling you otherwise is overstating it.
What is true is more practical. When an agency has to meet a maturity level, that expectation flows downhill to the providers who touch its data and systems. It shows up as security questions in a tender, as clauses in a contract, as a risk assessment before you are handed access, and as insurance levels that scale with the risk of the work. If you host, support, or build systems that hold government information, you should expect to be asked how you protect it.
So Essential Eight is less a gate you must pass and more the difference between a credible bid and an awkward one. Being able to say, plainly and with evidence, that you meet Maturity Level One is fast becoming the price of being taken seriously for government-adjacent work in WA. Getting there early is a competitive advantage while others are still scrambling.
The Eight Strategies, in Plain English
The Essential Eight is not mysterious. It is eight practical things done properly and kept up:
- Application control: only approved software is allowed to run.
- Patch applications: fix known holes in your programs quickly.
- Configure Microsoft Office macros: block the ones that carry malware.
- User application hardening: switch off the risky features attackers abuse.
- Restrict admin privileges: fewer keys to the kingdom, checked regularly.
- Patch operating systems: keep Windows and servers current.
- Multi-factor authentication: a second step so a stolen password is not enough.
- Regular backups: tested backups you can actually restore from.
Want a quick read on where you stand? Our free Essential Eight self-assessment checklist runs through 24 plain questions aligned to Maturity Level One. No email required.
How We Get You Tender-Ready
Start with an honest assessment. We map you against all eight strategies at Maturity Level One and show you exactly where the gaps are, in priority order. No fear, no upsell, just a clear picture.
Close the gaps in the right order. Some controls are quick wins, others take planning. We sequence the work so your posture improves fast and the disruption to your team stays low.
Build the evidence as we go. Meeting a control is only half of it. We document what is in place so that when an agency or auditor asks, you have the answer ready rather than a fortnight of scrambling.
Keep it maintained. Maturity is not a certificate you frame on the wall. Patches lapse, staff change, and configurations drift. Our managed security service keeps your controls current so you stay credible at the next renewal, not just the first bid.
Trusted by Australian Businesses
"StartCloud has simplified the way we manage our subscriptions and services. Everything is organised in one place, helping us stay on top of renewals while keeping our business secure and up to date."
"I can express our gratitude for your exceptional IT support throughout the year 2024. Thank you for being a reliable partner, and we look forward to continuing our collaboration in the following years."
"StartCloud developed our website exactly as we asked and provide exceptional IT services! Highly recommend them to anyone looking for anything IT."
"Alex, Jason, John and the team are solution providers. They provide a high quality and responsive service you can trust."
Frequently Asked Questions
Getting Ready for a Government Bid or Renewal?
Book a free Essential Eight gap assessment. We'll show you exactly where you sit against Maturity Level One and what it takes to be tender-ready, with no jargon and no pressure.
Book a Free Gap Assessment