Right Fit for Risk Accreditation (Encompassing ISO 27001)

What Is It?

  • A framework designed to assist organisations in attaining the Right Fit For Risk (RFFR) accreditation required by the Commonwealth Department of Employment & Workplace Relations (DEWR). This accreditation is required of all Third Parties and Third Party Employment & Skills (TPES) system providers that may interface with the Department.

What Problem does it Solve?

  • The DEWR is responsible for protecting information and data collected and stored in the administration of employment services. To ensure sensitive information is collected, stored and managed securely, the Department requires all contracted service providers to meet and comply with certain requirements in relation to IT security and accreditation.
  • Without this accreditation, an organisation’s ability to deliver services to the Department, or to deliver services to their clients via a TPES, may be limited.
  • Information security and the accreditation process itself can be complex. Many organisations may not have this knowledge in-house and require additional guidance and support to navigate the process effectively and efficiently.

Benefit to your Business

  • Compliance with the DEWR’s requirements and controls in order to attain and hold the RFFR accreditation
  • Provides a level of preparedness for organisations wishing to become fully ISO 27001 certified
  • Helps identify information assets that need to be protected using a risk-based approach
  • Improved prevention and detection of cyber security attacks through greater awareness and strong security controls
  • Accreditation of a TPES system is an indication that the TPES can provide an appropriate level of security over data that is stewarded by a Provider – and forms a level of assurance for both the Providers and clients of the system

Our Solution

  • Through our specialist approach, we help organisations understand their current information security posture and assist them to develop a plan to close identified gaps in order to strengthen applicable controls and to navigate the Department-prescribed accreditation process.
  • RFFR Accreditation Scope Document
  • RFFR Statement of Applicability (SOA)
  • RFFR Self Assessment
