The Statement of Applicability (SoA) template includes controls from contractual obligations, Australian Government Information Security Manual (ISM) and ISO27001 Annex A.
Please note that:
- The SoA template is mandatory and must be used for RFFR accreditation
- The department will continue to support Providers who have previously used their own modified version of a SoA as an interim arrangement. This is on the basis that all applicable controls are adequately addressed, and all required fields from the below template are included
- The department will assist Providers using their own SoA in transitioning to the department’s SoA template over the following 12 months, depending on individual circumstances and RFFR timeframes
- The SoA template ensures Providers are consistent with their assessment of applicable controls, and delivers an assurance that all ISM, ISO and RFFR contractual obligations are addressed by all Providers
- The SoA template is updated each quarter to align with the ISM that is available on the Australian Cyber Security Centre’s website.
The current SoA template is based on the December 2024 ISM.
Providers who have upcoming certification or surveillance audits are encouraged to use the latest template which is available below.
- Creation Date
-
- Modified date
-
- FOI Reference
-
D24/7353351
- Stream
-
Employment
- Creator
-
Department of Employment and Workplace Relations
- Publisher
-
Department of Employment and Workplace Relations
- Publication Category
-
Departmental document
- Language
-
English / Australian English
- Coverage
-
Australia
We aim to provide documents in an accessible format. If you're having problems accessing a document, please contact us for help.