Searchshow menu

Security and Privacy


The information in the Customer Information System ( CIS) is sensitive.  To protect the information Comcare has implemented several measures to prevent unauthorised access.

  • SSL: All communication between you browser and the CIS system is protected using SSL (secure sockets layer), this means that any information sent from your browser to the CIS or vice versa is encrypted to prevent it being read by anyone other then the intended recipient.
  • Authentication: All users of the CIS must be authenticated. More detail on authentication is provided below. 
  • Logging and Monitoring: All activity in the CIS system is monitored and logged.  The CIS system will automatically log off after 10 minutes of inactivity.
  • User access audits: Regular reviews of CIS Users are conducted to maintain currency of user accounts.  Each agency must revalidate all of their active CIS users as part of this process.


The information provided to authorised users on the CIS system is governed by the Privacy Act 1988 and users are bound by the Australian Privacy Principles (APPs) under that Act. The APPs set out standards for handling personal information.  Dealing with workers’ compensation can be a sensitive issue and it is important to realise that what is read and is seen must only be used or disclosed for its intended purpose.


You must be authenticated to use the CIS.  Firstly a CIS access request form must be filled in, signed by the Agency CIS administrator and sent to Once the application is processed a password will be supplied.  Only then will you  be able to logon to CIS.
Your CIS logon identifies who you are, what agency you represent and to what level of system access you are entitled.  It allows you to view sensitive information and as such must not be shared with other people. If another person in your organisation needs to use CIS, then they must be issued with their own unique user logon and password.

The CIS is designed to protect your logon against unauthorized access. If you (or anyone else) enters an incorrect password with your user name, an error will be displayed. If an invalid password is entered three times, your account will become locked and you will need to contact the CIS administrator to have it reset.

First log on

The first time that you logon to the CIS you will need to use the user name and password issued to you by the Comcare CIS Administrator.  You will then be required to change your password (see Passwords below) to a new password known only by you, before you can gain access to the system. This ensures that only you know the password for your account.


Passwords in CIS are protected, and are known only by the relevant user. Passwords are not accessible by the CIS administrator and cannot be retrieved if forgotten.  Each CIS password has a limited life - they will expire 90 days after creation. After that time the password must be changed, and you may need to contact the CIS Helpdesk to have your account reset and have a new password issued to you.
If you have forgotten your password or your password has expired, then you can request a password reset online from the main logon screen.  To use this facility, you will need to have set up your Security Questions and Answers (see below).  You can also manage your own password once you have logged into CIS - it can be updated at any time through the Preferences function.

Passwords in CIS must satisfy the following criteria:

  • A password must be a minimum of 8 characters long;
  • it must contain at least 2 special or numeric characters; 
  • it must not be the same as or contain your user name; 
  • and it must not be the same as any password you have used in the last 12 months.

Security Questions and Answers

Many online applications, such as Online Banking, utilise a set of Security Questions and Answers to aid in the identification of their system users.
We have now built this into the CIS to enhance the security of our online password reset request facility.  When you have logged onto CIS successfully, you can set up your security questions and answers through the Preferences function.

Access Levels

There are several levels of access to the CIS: Management, Case Management Claim detail, Finance and Agency Administrator.

  • Management Level - prohibits the user from accessing individual claim details
  • Case Manager Claim detail - allows the user to view all available data for your agency on CIS, including individual claim details 
  • Finance - allows the user to access a range of incapacity payment reports 
  • Agency Administrator - is the person/s within your agency responsible for authorizing all access requests and for managing cost centre restriction if used by your agency.

Cost Centre Restriction

Agencies can elect to utilise the cost centre restriction facility within CIS - this allows the Agency Administrator to control the level of access users may have to particular cost centres within their agency. This feature must be turned on by the Comcare CIS Administrators.  Training and support is available for the Agency Administrator on maintaining user access profiles.

Page last updated: 20 Mar 2014