Essential Eight – Maturity Level 1

Onsiteable Pty Ltd

Essential Eight – Maturity Level 1

Self‑Assessment & Statement (AWS Environment)

---

1. Company Information

* **Company name:** Onsiteable Pty Ltd
* **Business type:** On‑demand / on‑site services platform
* **Environment:** Amazon Web Services (AWS)
* **Assessment level:** Essential Eight – Maturity Level 1
* **Assessment basis:** Australian Cyber Security Centre (ACSC) Essential Eight framework

---

2. Scope of Assessment

This Essential Eight Level 1 assessment applies to:

* AWS cloud infrastructure used to host Onsiteable systems
* Internal administrative access to AWS and related business systems
* Customer and operational data processed by the Onsiteable platform

Excluded from scope:

* Personal devices not used for company operations
* Third‑party systems not managed or controlled by Onsiteable

---

3. Essential Eight – Level 1 Self‑Assessment

### 1. Application Control

**Status:** Implemented

* Only trusted applications and cloud services are used
* No unauthorised or unknown software is permitted
* AWS managed services are used wherever possible

---

### 2. Patch Applications

**Status:** Implemented

* Web browsers, applications, and cloud services are regularly updated
* AWS‑managed services receive automatic updates and patches

---

### 3. Patch Operating Systems

**Status:** Implemented

* Operating systems are kept up to date
* End‑of‑life operating systems are not used
* AWS managed environments provide automated patching

---

### 4. Restrict Administrative Privileges

**Status:** Implemented

* AWS root account is not used for day‑to‑day operations
* Administrative privileges are limited to essential personnel only
* AWS IAM follows the principle of least privilege

---

### 5. Multi‑Factor Authentication (MFA)

**Status:** Implemented

* MFA is enabled for all AWS IAM users
* MFA is enforced for privileged and administrative access

---

### 6. Backup Data

**Status:** Implemented

* Data backups are enabled using AWS managed backup services
* Backups are stored securely and can be restored when required

---

### 7. User Application Hardening

**Status:** Implemented

* Unnecessary features and insecure configurations are disabled
* Unsupported plugins, macros, and legacy components are not used

---

### 8. Restrict Microsoft Office Macros

**Status:** Not Applicable

* Microsoft Office macros are not used in business operations

---

4. Essential Eight Level 1 Statement

Onsiteable Pty Ltd confirms that it aligns with the **Australian Cyber Security Centre’s Essential Eight framework** and has implemented the **baseline security controls required for Maturity Level 1** across its AWS infrastructure.

These controls include:

* Multi‑factor authentication (MFA)
* Restricted administrative access
* Regular patching and updates
* Secure backups
* Use of AWS security best practices

This statement reflects Onsiteable’s current cybersecurity posture and demonstrates its commitment to protecting customer and business information.

---

5. Responsibility

* **Responsible role:** Director / Founder
* **Review frequency:** Annual or upon material system change

---

*Document prepared for internal governance and external assurance purposes.*