The Right Fit For Risk (RFFR) accreditation approach classifies Providers into categories to obtain accreditation. When determining Provider category, the department considers the number of individuals receiving services from the Provider and their subcontractors (“case load”) taken together across all Deeds.
On this page:
Additionally, the department will also consider a range of risk factors including the:
- IT environment
- level of outsourcing
- subcontracting arrangements
- organisational structure
- level of security maturity
- the extent of sensitive information held and level of access to departmental systems
- any other relevant factors.
The department will categorise a Provider based on their RFFR questionnaire submission, and additional information obtained through an interview with the Provider conducted as part of the Milestone 1 process. If, at any time a change to a Provider’s or their subcontractor’s circumstances alter the risk profile of the organisation, the department may need to conduct a categorisation re-assessment.
Each of the Provider categories is associated with its own accreditation pathway under the RFFR approach. The below table provides guidance to Providers on the classification requirements.
| Category | Category 1 | Category 2A | Category 2B |
|---|---|---|---|
| Annual Case load |
|
|
|
| Risk profile |
|
|
|
| Basis of accreditation |
|
|
|
| Accreditation maintenance |
|
|
|
| Milestones to complete |
|
|
|