The department undertakes a range of digital information assurance activities to support the delivery of employment services.
The department uses a network of contracted employment service providers (providers) to deliver its programs. To support this, providers access various departmental IT systems which also support programs administered by other Government departments. Providers may also develop their own systems or use accredited third party employment systems (TPES) developed by third party vendors.
Assurance of employment systems is required where:
- the TPES stores job seeker data or records where the vendor manages the system and retains access (eg they retain database administrator role)
- a provider has a deed with any government department which stipulates the provider is to only use TPES accredited by the department.
Accreditation provides assurance that there are safeguards to protect program data and information.
BeSoftware products are not accredited by the department
BeSoftware's iignite product was previously accredited by the department in 2016. When it expired, BeSoftware have chosen not to maintain this accreditation. Accordingly, this website shows that iignite's accreditation has expired.
We note that BeSoftware are stating on their websites (such as besoftware.biz and iignite.biz) that their iignite product is still accredited. We would like to confirm that their accreditation has expired and this product must not be used in the delivery of employment services.
For providers – Use of an accredited third party employment system
Any provider choosing to use a TPES has a responsibility to ensure the system is secure before using it to process, store or communicate data relating to the delivery of Government programs.
Any intention to change an accredited TPES must be explicitly authorised by the department.
Accreditation is for the benefit of the department, and is not a warranty that a TPES is fit for its intended use or for a provider’s specific business processes.
To reduce provider costs, the department works directly with TPES vendors to assess and accredit their systems. This also makes it quicker and easier for providers wishing to change TPES. Alternatively, the department provides secure in-house IT systems that can be used as-is by providers to meet their obligations under their deeds.
What third party IT systems are accredited directly?
The department only accredits specific TPES, not specific vendors, and does not recommend the use of any particular TPES.
Systems are accredited for functionality at the date of accreditation. Any changes to system design or functionality with security implications require reaccreditation by the department.
To assist providers to understand which features have been accredited, the department works with the TPES vendor to prepare an accreditation letter. This letter also details the responsibilities and security implications that providers need to address in their decision to use the TPES and securely implement it.
The accreditation status of the TPES is outlined in the table below.
|Third Party Vendor||Accreditation Status||Accredited System||Notes||Accreditation Letter|
|SoNET Systems||Accredited||iCase||Note 1|
|JobReady||Accredited||JobReady Live||Note 2||JobReady Live Accreditation letter|
|Hivetec||Accredited||Bridge||Note 3||Hivetec Bridge Accreditation letter|
|Leading Directions||Accredited||BuddyNote, Performance Reports||Note 4||BuddyNote and Performance Reports Accreditation Letter|
|JobReady||Expired||Neptune||-||Expired 30 June 2020|
|KV Interactive||Expired||JDE-MAX||-||Expired 30 June 2020|
|Be Software||Not Accredited||Iignite||-||-|
- indicates "None".
Note 1 - iCase has been accredited for use to assist in the delivery of jobactive, Disability Employment Services, Transition to Work and ParentsNext.
Note 2 - The new system JobReady Live has been accredited for use to assist in the delivery of jobactive, Disability Employment Services, ParentsNext, New Enterprise Incentive Scheme (NEIS), Transition to Work and PaTH.
Note 3 - The Bridge system is accredited to be used to support jobactive, Disability Employment Services, ParentsNext, New Enterprise Incentive Scheme, Stronger Transitions, Career Transition Assistance, Empowering YOUth Initiatives, Youth Jobs PaTH, Transition to Work, Time to Work, Harvest Labour Service, Launch into Work, National Work Experience Programme and Work for the Dole.
Note 4 - Leading Directions’ systems BuddyNote and Performance Reports are accredited to be used to support Disability Employment Services, Transition to Work, jobactive, ParentsNext, Work for the Dole, Empowering YOUth Initiatives, Harvest Labour Service, Launch into Work, National Work Experience Programme, New Enterprise Incentive Scheme, Stronger Transitions, Time to Work and Youth Jobs PaTH.
- Systems (with explicitly assessed functionality) accredited for use by providers.
- Review the accreditation letter to understand your responsibilities and security implications of using this TPES. The letter also details the features covered by the accreditation. Any feature not specified in the letter is not accredited. Your organisation would need to assess whether the vendor has adequate safeguards to protect program data and information yourself before you can use it.
- Use of accredited systems does not ensure a system is fit-for-purpose, suits business processes, or meets provider obligations to protect program data.
- The department will not endorse a move from an accredited TPES to another with less advanced accreditation.
Proposed TPES undergoing accreditation
The vendor has signed a deed with the department and have commenced the accreditation process. Please contact the vendor directly if your organisation wishes to use it in the future to ensure the features you want to use are covered within the scope.
|Proposed system||Deed execution date|
|Aible [Note 1]||12/8/2020|
Note 1: This vendor has signed a deed with the department and is currently preparing for the process to achieve ISO 27001 accreditation.
For third party employment system vendors
TPES handling information or data relating to programs delivered by the department must gain and maintain accreditation prior to use by our providers.
Vendors who are unsure whether their systems require accreditation should contact the Security Compliance Support mailbox with the following information:
- outline of the system and services offered
- how the system will assist providers to deliver our programs, and which programs are proposed
- an overview of the system design and access, such as high level architecture, data centre locations, access, authentication, administrative staff locations
- how the system is intended to inter-operate with the department’s system, such as daily bulk download and upload of data, real-time via APIs
- the scope of any existing IT security certifications or accreditations maintained
- the providers considering your system.