CRADAL Logo
← Back to Site-Ready Assessment

CRADAL

Construction IT Risk Checklist

Pre-assessment prep for construction and building companies in South East Queensland

Complete this before your Site-Ready Assessment call. Select Yes, No, or Unsure for each item, then send it to CRADAL — or print to PDF if you prefer paper. Honest answers help us focus the session on what matters most.

30 items still to answer. Progress saves automatically in this browser.

Your details

1. How you run IT today

Quick snapshot of your current setup.

1. We have a documented list of all IT systems (email, files, job costing, etc.).

Response for item 1

2. We know who is responsible when something breaks — and what the escalation path is.

Response for item 2

3. We use Microsoft 365 (or similar) as our primary email and file platform.

Response for item 3

4. Subcontractors or temp staff get access through a repeatable onboarding process.

Response for item 4

2. Access across office, yard and sites

Construction teams work in more places than a desk — access should work everywhere.

1. Site supervisors and PMs can reach project files from mobile devices without workarounds.

Shared drives, SharePoint, Procore, etc.

Response for item 1

2. Remote or hybrid staff have secure access equivalent to the office.

Response for item 2

3. Wi‑Fi and network setup at sites or site offices meet a minimum security standard.

Response for item 3

4. New starters have email, files and apps ready on day one.

Response for item 4

5. When someone leaves, their access is removed the same day (or within 24 hours).

Response for item 5

3. Security and cyber risk

Construction businesses are common targets for phishing, ransomware and payment fraud.

1. Multi-factor authentication (MFA) is enforced on all admin and email accounts.

Response for item 1

2. Staff completed security awareness training in the last 12 months.

Response for item 2

3. We have a process to verify bank detail or invoice changes before paying (BEC protection).

Response for item 3

4. Every laptop and PC has managed endpoint protection (EDR/antivirus), not just free tools.

Response for item 4

5. Admin accounts are separate from daily user accounts (no everyday browsing as admin).

Response for item 5

6. We could explain our Essential 8 / baseline security posture in plain language if asked.

Response for item 6

4. Support and responsiveness

When IT slows a handover or site setup, the cost shows up on the project.

1. Staff know how to log support issues and what response time to expect.

Response for item 1

2. Critical outages (email down, site offline) get attention outside business hours.

Response for item 2

3. On-site support is available when a job site issue can't be fixed remotely.

Response for item 3

4. One internal person is not the only backup for support, projects and security.

Response for item 4

5. Standard devices and processes

Consistent setups across locations reduce surprises and support load.

1. New devices are set up to a standard image or checklist — not ad hoc each time.

Response for item 1

2. Operating systems and apps are patched on a regular schedule (including Macs if used).

Response for item 2

3. We maintain an asset list: who has which device and where it lives.

Response for item 3

4. Software installs are controlled — not anyone can install anything.

Response for item 4

6. Backups and continuity

Can you recover if ransomware hits or a server fails mid-project?

1. Backups run automatically and are monitored — not "set and forget" on a USB drive.

Response for item 1

2. Microsoft 365 / cloud data is backed up outside Microsoft's default retention.

Response for item 2

3. We have tested a restore in the last 12 months and know it works.

Response for item 3

4. We have a written plan for what happens if email or files are unavailable for a day.

Response for item 4

7. Cost and vendor clarity

Predictable IT spend beats surprise project quotes.

1. We know our total monthly IT spend per user (support + tools + licences).

Response for item 1

2. Security and compliance tools are bundled — not a surprise line item every quarter.

Response for item 2

3. We haven't had an IT project blow past budget or timeline in the last 12 months.

Response for item 3

Before your call

Optional notes — we'll use these to prioritise the session.

Send to CRADAL

Submit your completed checklist to our team at hello@cradal.com. We'll review it before your assessment call.