TCSI March Newsletter 2026

Post date

Tuesday, March 31, 2026 - 16:00

The TCSI Newsletter helps to keep our Higher Education and VET Student Loans (VSL) providers up to date with the TCSI news.

Click on the headings below to find out more:

For VSL and Higher Education Providers

Responding to Cyber Security Incidents

Resources are available for providers who experience a cyber security incident.

Students entrust providers with their personal information, and providers have a responsibility to handle that information carefully, securely and in accordance with the 13 Australian Privacy Principles outlined under the Privacy Act 1988.

An important part of securing your systems is preparing in advance, understanding your obligations, and knowing where to get help when responding to a cyber security incident.

Responding to an incident is stressful, with many urgent tasks to manage at once. Your planning should consider the core reporting steps outlined below to help protect sensitive data. Other reporting obligations may apply in your jurisdiction. It is the responsibility of providers to ensure they are aware of, and meeting, their reporting requirements with state and territory cyber security agencies.

Notify the Australian Cyber Security Centre (ACSC)

Tertiary education providers should notify the ACSC in the first instance if they have been impacted by a cyber security incident.

Cyber security incidents can be reported to the ACSC on this webpage or via the ACSC Hotline on 1300 CYBER1 (1300 292 371).

Types of incidents you should report include, but are not limited to:

Denial of service
Scanning and reconnaissance
Intentional or malicious unauthorised access to network or device
Data exposure, theft or leak
Malicious code/malware
Ransomware
Phishing/spear-phishing
Other irregular cyber activity that causes concern

The ACSC sits within the Australian Signals Directorate and is the Australian Government’s technical authority on cyber security. The ACSC offers incident response advice and assistance 24 hours a day, 7 days a week.

Through the process of reporting to the ACSC, providers can also elect to notify the National Office of Cyber Security (NOCS) for assistance with coordination of consequence management and the Australian Federal Police (AFP) for investigation of criminal activity.

Providers should report early, even if unsure of the nature or extent of the cyber security incident, noting government authorities are bound by legislation to ensure the confidentiality of any information shared.

If required, notify affected individuals and the Office of the Australian Information Commissioner

Your organisation must promptly notify all affected individuals and notify the Office of the Australian Information Commissioner of any notifiable data breaches.

A notifiable data breach occurs when the following criteria are met:

There is unauthorised access to or disclosure of personal information held by an organisation or agency (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
This is likely to result in serious harm to any of the individuals to whom the information relates.
The organisation or agency has been unable to prevent the likely risk of serious harm with remedial action.

The Office of the Australian Information Commissioner can be notified via their report a data breach page. For more information, please see the notifiable data breaches page.

Notify relevant Commonwealth tertiary education program stewards

For higher education providers this is the Tertiary Education Quality and Standards Agency (TEQSA)

Registered higher education providers must notify TEQSA via materialchanges@teqsa.gov.au of events that happen or are likely to happen that will significantly impact the provider’s ability to meet the Threshold Standards.

For further information regarding the role of TEQSA during a cyber security incident and guidance on reporting material changes, please visit the TEQSA cyber security webpage.

For VSL providers this is the Department of Employment and Workplace Relations

Approved VSL providers must notify the Department of Employment and Workplace Relations if they reasonably believe a data breach (whether suspected or known) has occurred in connection with the VSL program.

The notification must be given by email to vetstudentloans@dewr.gov.au within one business day of you becoming aware of the suspected or known data breach and include the following information (if known at the time of the notification):

legal name and contact person details,
a description of the data breach and what you have done to contain or remedy the breach,
what you are doing to reduce the risk of future similar breaches,
the legal name and physical address of any contractors or third-party entities involved in the breach,
the number of individuals affected by the data breach,
the types of personal information involved in the data breach and
the date you informed, or intend to inform, individuals affected by their information being accessed, disclosed and/or lost.

For general information, please refer to the VSL provider manual section 45.3 Notification of data breaches.

Digital ID is coming to myHELPbalance

From late April 2026 students will require a Digital ID to access myHELPbalance.

The myHELPbalance website allows students to view their available borrowing balance under the combined Higher Education Loan Program (HELP) loan limit.

From late April 2026, students will require a Digital ID to access the myHELPbalance website. The Digital ID being used is myID, which is the same digital identity used to access over 150 Australian Government services, such as the myGov website. This change is being implemented to protect students’ personal information by preventing unauthorised access to their student records. Once a student has linked their myID with their student record, access to myHELPbalance will be faster and more secure.

Setting up a standard strength myID is quick and easy. If students don’t already have a myID, they can follow step-by-step instructions on how to set up myID.

It is important to note there is no change to how providers access the myHELPbalance website through their PRODA account. Providers are encouraged to review the Accessing TCSI services (PRODA) webpage for further detail on assigning and maintaining the TCSI attribute required to access the myHELPbalance portal.

The department will send out a stakeholder communication pack in April 2026 for providers to use to promote this change to your students. This pack will be sent to TCSI primary and secondary contacts, HELP Provider Communications Working Group, and eCAF primary contacts. The communication pack will include social media, website and newsletter posts and tiles, and a poster and flyer.

If you have any questions about this change, you can contact the Student Engagement Team via HEenquiries@education.gov.au.

Upcoming Webinars

All providers are invited to attend upcoming webinars and drop-in sessions.

These sessions are an excellent opportunity to get up-to-date information and to ask any questions you might have about TCSI.

A list of upcoming TCSI webinars can be found below:

Webinar	Time	Date
TCSI Support drop-in session	2pm [AEST]	15 April 2026
TCSI April Provider Webinar	2pm [AEST]	29 April 2026
TCSI Support drop-in session	2pm [AEST]	13 May 2026
TCSI May Provider Webinar	2pm [AEST]	27 May 2026
TCSI Support drop-in session	2pm [AEST]	10 June 2026
TCSI June Provider Webinar	2pm [AEST]	24 June 2026

To attend the scheduled 2025 monthly TCSI webinars live, please register via the TCSI News Centre webpage.

Recordings of previous webinars can be found at the following locations:

For Monthly provider webinars, please see the ‘Published Newsletters, Webinars and other media’ section of the News Centre webpage.

For Higher Education Providers only

2025 Student data verification reminder

The 2025 Higher Education Provider Student data collection is due to be signed off by 17 April 2026.

Verification is part of the reporting requirements under the Higher Education Support Act 2003 (HESA). All Higher Education Providers that are approved under HESA must complete the 2025 HEP student data verification process by 17 April 2026.

We encourage providers to access the Data Verification webpage for comprehensive information and instructions about the process.

The recordings for the TCSI February 2026 Provider Webinar and the TCSI March 2026 Provider Webinar are recommended resources for providers to refresh their knowledge and learn useful tips to assist when verifying your data.

OS-HELP, SA-HELP and Commonwealth Scholarship collections

The verification of OS-HELP, SA-HELP and Commonwealth Scholarship collections was activated for providers that had relevant records stored in the database for 2025.

Providers can confirm if these collections were activated by reviewing the ‘Collections’ column under the ‘Annual Verification’ tab in TCSI Analytics. Section 6.2 of the Provider Data Verification User Guide includes further information and a screenshot of the ‘Annual Verification’ tab.

Please contact TCSIsupport@education.gov.au if you expect to see an annual collection, but do not see it in the ‘Collections’ list.

New support videos for TCSI Analytics Portal

New support videos are available in TCSI Analytics.

A new suite of support videos will be available from 27 March 2026, highlighting key features and functionality of the TCSI Analytics Portal, including the higher education Critical Student Loan Error dashboard and the Expected Student Enrolment Trend dashboards.

These videos will be available within the TCSI Analytics portal and complement existing support resources. They are designed to help providers navigate the enhanced portal, interpret insights, and strengthen higher education loan data quality and reporting.

Feedback or enquiries can be directed to TCSIsupport@education.gov.au.

Update to funding cluster mapping resource

The funding cluster mapping resource has been updated.

The mapping of E464: Discipline codes to Commonwealth Grants Scheme (CGS) funding clusters has been corrected in the Higher Education CGS Clusters by Course Level Report for live, verification, and verified data as notified in the 6 March 2026 release notes.

Please see the updated Mapping Disciplines Clusters spreadsheet available via the ‘Notes’ section of the Higher Education CGS Clusters by Course Level coding notes page. The spreadsheet shows the mapping between discipline groups to funding clusters, with supporting information for Maximum Student Contribution Amounts and the Commonwealth Contribution Amounts.

If you have any queries, please contact TCSIsupport@education.gov.au.