Skip to content

Internal tool · CCP staff only

Security posture statement generator.

Drafts a CCP-issued posture statement for a client to attach to a tender response, insurance questionnaire or corporate-client audit. Each document carries a verification reference recorded against a CCP ticket so external recipients can confirm authenticity by phone.

How to use this

  1. Open or create a CCP ticket for the client's request and copy the ticket number.
  2. Fill in the client's legal name, ABN and the recipient (insurer, tender, corporate-client name).
  3. Pick the plan; toggle any component the client self-supplies or that's out of scope.
  4. Optionally enter the client's current Microsoft Secure Score and the comparison benchmark for similar tenants.
  5. Optionally upload the client's logo for the PDF header.
  6. Copy the verification reference into the ticket so anyone phoning to verify finds it instantly.
  7. Send the PDF or the share link to the client to attach where they need it.

This page lives under /staff/, is noindex, omitted from the sitemap, and access-restricted at the Cloudflare layer (a WAF rule limiting the whole /staff/ section to the CCP network). The verification reference is a content hash; if the document is altered after issue, the hash will not match what's recorded against the ticket and the verification call fails.

Step 1 · Identity

Who is this statement for?

Step 2 · Plan

Which plan is the client on?

Choosing a plan sets each component below to that plan's defaults. You can override individual components in step 3.

Step 3 · Components

Confirm what CCP delivers and what the client maintains.

Use Client-supplied for components the client procures from another provider (such as their own password manager). Use Not in scope for components that aren't part of the engagement.

Core managed IT

Managed Helpdesk

Named senior-led team on a direct phone line, SLA-backed.

Managed Cyber Security

EDR, identity threat detection, 24x7 SOC response, backups, DNS filtering, domain & email auth.

Monitoring & Patching

Asset inventory, automated patching for OS + 200 third-party apps, automated remediation.

Security & Tech Review

Quarterly or annual review of incidents, licences, service consumption, asset lifecycle.

Business services

Microsoft 365 management

Licence management, Intune, Secure Score, best-practice configuration.

Email Signature Management

Centrally managed M365 signatures with branded templates and scheduled content.

Cloud Printer Management

Automatic printer deployment, cloud printing across devices, usage reporting.

Cloud Phone System

IVR, ring groups, hot desking, unlimited local / mobile / national calls.

Internet Services

NBN / enterprise NBN with managed router, unlimited bandwidth, uptime SLAs.

Web Hosting

Secured hosting with fortification, automated backups, CMS auto-update.

Compliance & governance

Cybersecurity Training

Fortnightly training content + phishing testing + learning moments + reporting.

Application Control

"Deny by default" allowlisting, ringfencing, storage control, unified auditing.

Password Manager

Zero-knowledge vault with SSO to M365, dark-web monitoring, Vault Transfer.

Centralised Logging

Firewall / server / workstation logs into a SIEM with 24x7 SOC threat hunting.

Vulnerability Scanning

Asset discovery, CVE tracking, EPSS-prioritised remediation, extended app patching.

Vendor Management

SaaS discovery, implementation PM, compliance reviews of third-party platforms.

Technology Success Program

The vCIO function: compliance management, growth acceleration, process automation, technology roadmap.

Step 4 · Microsoft 365 supplementary detail (optional)

Add the client's Microsoft 365 security posture detail, if you have it to hand.

All fields here are optional. Leave any blank to skip that detail in the output. The supplementary identity-protection and device-compliance text only appears in the document when the Microsoft 365 management component is set to CCP-delivered.

Microsoft Secure Score

Read the current score from the Microsoft 365 Defender portal. Numbers above 100 or below 0 are clamped.

Identity protection

Pick the strongest authentication state currently enforced for each identity class. Leave blank if not applicable on this engagement.

Device compliance + Conditional Access

Does sign-in require a compliant device? (Microsoft Intune device compliance + Microsoft Entra Conditional Access enforced.)

Step 5 · Optional client logo

Add the client's logo to the PDF header.

PNG, JPEG, or SVG, under 200 KB. The logo appears alongside the CCP logo in the PDF only. Not used in the plain-text or share-link outputs.

Verification reference

ReferenceSPS-20260625-00A42C4ATicketTicket: not assigned

Paste both the reference and the ticket label into the CCP ticket above. If the document is later altered, its hash will not match what you recorded, and the verification call will fail.

Step 6 · Output

Copy the statement, download the PDF, or share the prefill link.

Output is gated. Add the client legal name and the CCP ticket number above before generating.

Share links round-trip the plan, component overrides, identity fields, ticket number, and date. The uploaded logo is not in the link.
See if we're a fit