PlanSuite is aligned with the Australian Signals Directorate's Essential Eight cybersecurity framework — the baseline standard for protecting Australian organisations.
The Essential Eight is a set of baseline cybersecurity strategies developed by the Australian Signals Directorate (ASD) — Australia's national authority on cybersecurity. It represents the minimum recommended security posture for Australian organisations.
These eight strategies are designed to protect against the most common cyberattacks, including ransomware, data breaches, and unauthorised access. They are widely referenced in government procurement and council IT security requirements across Australia.
How PlanSuite addresses each of the ASD's Essential Eight mitigation strategies.
PlanSuite runs on AWS ECS Fargate — a serverless container platform. Only our verified, containerised application code executes in production. There is no general-purpose operating system where arbitrary applications could be installed or run.
Application dependencies are continuously monitored via automated vulnerability scanning and dependency management tools. Updates are applied regularly through our CI/CD pipeline, ensuring known vulnerabilities are patched promptly.
PlanSuite is a web application. Users interact entirely through a web browser — there are no Microsoft Office macros, ActiveX controls, or downloadable executables involved in the platform.
The platform does not use Flash, Java applets, or web advertisements. Content Security Policy (CSP) headers are enforced to prevent cross-site scripting and code injection. The attack surface available to end users is minimal by design.
Administrative access follows the principle of least privilege. AWS IAM policies restrict access to only what is required. Application-level roles (RBAC) ensure council users only access data within their organisation. There are no shared root accounts.
AWS Fargate manages the underlying operating system, including security patches and kernel updates. We do not manage or have access to the host OS — AWS handles this automatically, ensuring patches are applied without delay.
PlanSuite supports Single Sign-On (SSO) integration with council identity providers (Azure AD / Entra ID, Okta, etc.). MFA is enforced by the council's own IdP — meaning their IT team controls the MFA policy, and staff use their existing credentials. Internal infrastructure access requires MFA via AWS IAM.
Database backups are managed by AWS RDS automated backups with point-in-time recovery. Document storage uses AWS S3 with versioning enabled. Backups are encrypted at rest and stored within the Sydney (ap-southeast-2) region.
Essential Eight alignment is increasingly referenced in Victorian council IT procurement requirements and security assessments.
Developed by the Australian Signals Directorate (ASD), the Essential Eight is the recognised baseline cybersecurity framework for Australian government and organisations.
We openly document our security alignment so councils can assess our posture against their own policies with confidence.
PlanSuite integrates with your council's existing identity provider via Single Sign-On. This means:
All PlanSuite data is stored and processed in AWS Sydney (ap-southeast-2). Council data never leaves Australia.
Our infrastructure complies with the Privacy and Data Protection Act 2014 (Vic), the Victorian Protective Data Security Framework (VPDSF), and the Privacy Act 1988 (Cth). For full details, see our Security & Data Protection page and Privacy Policy.
We're happy to discuss our Essential Eight alignment, provide documentation for procurement processes, or answer any security questions your IT team may have.