IT Audit, Physical Security and Privacy Compliance
mhwb provides IT audit, physical security inspection, and privacy compliance services to professional practices across Australia. We help practices understand and meet their obligations under the Australian Privacy Act.
Services
| Service | Description |
| --- | --- |
| Structural Audit | A review of data handling procedures, access controls, and backup integrity, delivered as a plain-language report with findings ranked by severity. |
| Physical Inspection | An on-site assessment of premises security, server conditions, access controls, and workstation placement. Sydney Metro Area only. |
| Remediation | Implementation of audit findings, or a standalone report your existing provider can act on. |
| Compliance Readiness | A structured review against the Australian Privacy Act and Notifiable Data Breaches scheme ahead of a formal review or regulatory inquiry. |
| Staff Training | A remote session covering phishing awareness, data handling obligations, and incident response. No technical background required. |
| Phishing Simulation | A controlled phishing exercise with written debrief, conducted under written authorisation from the practice principal. |
| Policy Review | Drafting or review of data handling and acceptable use policies suitable for staff and regulators. |
| Quarterly Inspection | A scheduled review of access, configuration, and physical security every three months, available on retainer. |
The structural audit is the most common starting point.
Request a quote →
How it works
Scope is agreed in writing before work begins. Audits are conducted remotely via screen share. Physical inspections are available by appointment within the Sydney Metro Area. Findings are delivered as a written report, ranked by severity, with no data retained after the engagement.
Remediation can be carried out by mhwb or taken to your existing provider. The report is written to stand on its own.
A free 30-minute call is available to discuss scope and assess fit.
Book a call →
No commitment required.
Who this is for
Medical centres, psychology clinics, law firms, accounting practices, and financial advisors. Practices subject to the Australian Privacy Act that have not undertaken a formal review of their systems or premises.