The process of accrediting external IT systems and Providers to protect against cyber threats.
The Department is responsible for protecting information and data collected and stored in the administration of its programs, including when programs are delivered with the assistance of external Providers and when external IT systems interact with the Department’s IT systems. To ensure sensitive information is collected, stored and managed securely, the Department requires all contracted Providers and vendors of external IT systems interacting with the Department’s IT systems to meet and comply with certain requirements in relation to IT security.
The Department’s Right Fit For Risk (RFFR) Accreditation signifies that a Provider or external IT system has met these requirements. The Department uses its own RFFR assurance approach to assess and accredit Providers and external IT systems.
Learn about the accreditation overview process, including:
- The Department’s accreditation program
- The Right Fit For Risk process
- The process and requirements to maintain accreditation
- RFFR’s approach to classifying Providers into categories
- Core expectations to maintain and enhance security posture
- Accredited Third Party Employment and Skills (TPES) systems
- RFFR accreditation resources
Announcements
RFFR Statement of Applicability (SoA) template updated - September 2024
Changes from the previous version are listed in the 'Info' tab of the template.