DRUPAL SECURITY

Drupal security, hardened for government.

Patching, vulnerability remediation and compliance alignment for Drupal platforms under public scrutiny.

Start a project ← Drupal Services

48h

Critical patch SLA for all managed clients.

Essential 8

Maturity Level 2 alignment across government-hosted platforms.

24/7

Security monitoring and alerting for Lagoon-hosted environments.

Security the standard demands.

Government Drupal platforms are high value targets. A single unpatched module can expose citizen data, trigger breach notifications and undermine public trust. Security is not a one off activity. It is built into how the platform is designed, maintained and operated every day.

We harden, patch, remediate and monitor continuously, keeping the platform aligned to current advisories and government expectations.

Critical patch SLA

48 hours

Framework

Essential Eight ML2

Monitoring

24/7

Pen testing

Via accredited partners

What we deliver.

Security Patching

Continuous monitoring of Drupal security advisories and a 48-hour critical patch SLA for every managed platform. Patches are tested in staging and rolled back if something downstream breaks.

Essential Eight Alignment

Platform hardening against ASD Essential Eight controls, including application control, patching, multi-factor authentication, admin privilege restriction and daily backups. All documented for auditors.

Vulnerability Remediation

Triage, prioritisation and remediation of vulnerabilities identified through audits or disclosed via Drupal security advisories, with risk-rated reporting for decision-makers.

Security Audits

Codebase and configuration audits covering access controls, input validation, session management and data handling across your Drupal platform.

Incident Response

Defined incident response playbooks, breach notification support and post-incident forensic analysis when things go wrong on a platform we manage.

Baseline.

Current-state security assessment and vulnerability register.

Harden.

Configuration hardening, module audit and access control review.

Audit.

Codebase and configuration audits aligned to Essential Eight controls.

Remediate.

Prioritised fix delivery with risk-rated reporting.

Monitor.

Continuous patching, alerting and quarterly re-review.

What does Essential Eight Maturity Level 2 mean for a Drupal platform?

Maturity Level 2 is the Australian Signals Directorate's mid-tier baseline for cyber resilience. For a Drupal platform it means application control, regular patching within defined windows, multi-factor authentication for administrators, restricted admin privileges and daily backups.

We align government-hosted platforms against ML2 as standard, with documentation that satisfies the auditors who review it.

How quickly are critical patches applied?

How does Doghouse approach penetration testing?

What happens if a security incident is detected?

Can a one-off security audit be scoped without a support retainer?

Security is not optional.

Start a project