Resources

The following is a list of all the resources that are associated with Right Fit For Risk Cyber Security Accreditation.

ISO 27001 risk assessment 

Provides a high-level overview of the concept of risk assessment and treatment in an ISO 27001 context.

Management of third parties – life cycle

Explains the stages in the life cycle of third-party vendors and highlights what providers should think about when contracting with third parties.

Management of Third Parties - Overview

Helps Providers identify their third parties and who is responsible for them, and determine what impact the security of these entities has on a Provider’s environment.

RFFR Questionnaire

Provides a high-level view of a Provider's current security posture as a basis for discussion with the Digital Partnership Office Cybersecurity team at Milestone 1 in the RFFR process.

Right Fit For Risk (RFFR) – Finding the right sponsor

Details the need to identify an internal sponsor to oversee the implementation of the customised ISO 27001 in all areas of the organisation.

Scope template

Provides example headings and guidance for documenting the ISMS Scope in accordance with ISO 27001 clause 4, while also communicating key elements of the business, systems and information associated with delivering the Services and describing the provider’s implementation of the RFFR Core Expectation areas.

SoA template (ISM to ISO Map)

Provides a Statement of Applicability template that identifies the ISM-sourced controls relevant to each ISO 27001 Annex A control heading. The template also identifies controls that support RFFR Core Expectation areas and prompts for control applicability and status information required at Milestone 2 and Milestone 3.

Gap analysis versus risk assessment

Differentiates between the essential activities of performing an ISO 27001 gap analysis and a security risk assessment when implementing an Information Security Risk Management System.

alffie Accreditation Letter

This document helps employment services providers understand the scope of the accreditation of alffie’s LMS performed for the Department of Education, Skills and Employment (the department). The accreditation assessment has been performed against the Information Security Manual (ISM) January 2020.

Hivetec Bridge Accreditation letter

This document helps employment services providers understand the scope of the accreditation of Bridge performed for the Department of Education, Skills and Employment (the department). The accreditation assessment has been performed against the Information Security Manual (ISM) 2017.