Resources
Third-Party IT Vendor Deed Guidelines
Sets out the Third-Party IT Vendor Deed Guidelines, which form part of the Deed, and informs Vendors of their continuing obligations.
Bridge Accreditation Report
This document assists employment services providers to understand the scope of the accreditation of Bridge performed for the Department of Employment and Workplace Relations (the department). The accreditation assessment was performed against the Information Security Manual (ISM) March 2023.
ISO 27001 and Right Fit For Risk (RFFR) issues to avoid
Helps providers avoid the missteps the department has seen to date, so that accreditation is a smooth process.
ISO 27001 risk assessment
Provides a high-level overview of risk assessment and risk treatment in an ISO 27001 context.
Management of third parties – life cycle
Explains the stages in the life cycle of third-party vendors and highlights what providers should consider when contracting with third parties.
Management of Third Parties - Overview
Assists Providers to identify their third parties and who is responsible for them, and to determine what impact the security of these entities has on a Provider's environment.
RFFR Questionnaire
This questionnaire allows the department to understand the cyber security posture of each Tendering organisation. Responses should be collated from the employees in your organisation who have the relevant knowledge.
RFFR Statement of Applicability (SoA) Template
The Statement of Applicability (SoA) template includes controls drawn from contractual obligations, the Australian Government Information Security Manual (ISM) and ISO 27001 Annex A.
Right Fit For Risk (RFFR) – Finding the right sponsor
Details the need to identify an internal sponsor to oversee the implementation of the customised ISO 27001 information security management system (ISMS) across all areas of the organisation.
Right Fit For Risk (RFFR) government resources
Outlines the government resources available to help providers understand and address cyber security risks.
Right Fit For Risk (RFFR) ISO 27001 Self-assessment report template
Provides example headings and guidance for Category 2A Providers to consider when documenting their self-assessment.
Scope template
Provides example headings and guidance for documenting the ISMS scope in accordance with ISO 27001 clause 4. The scope also communicates the key elements of the business, systems and information associated with delivering the Services, and describes the provider's implementation of the RFFR Core Expectation areas.
Using ISO 27001 to meet your RFFR accreditation requirements
Highlights the differences between a standard ISO 27001 implementation and the RFFR requirements.