Re-accreditation overview

On this page:

What is RFFR re-accreditation?

RFFR re-accreditation is the process of continuing acceptance of a Provider’s or a Third-Party Employment and Skills (TPES) system Vendor’s Information Security Management System (ISMS). Re-accreditation must be completed by the third anniversary of the initial RFFR accreditation date.

Re-accreditation ensures that the ISMS continues to meet the security requirements and standards in accordance with the RFFR accreditation approach.

Who is subject to the re-accreditation process?

All current Providers and TPES system Vendors who have completed the initial accreditation and subsequent accreditation maintenance requirements.

RFFR re-accreditation process and timeframes

The re-accreditation process commences after approval of a Providers second accreditation maintenance submission. The department will engage with Providers at the commencement of their re-accreditation process to ensure their provider category is still appropriate.

The submission of documents for re-accreditation must occur 6 weeks before the anniversary date. This allows time for the department to seek any further information if necessary and provide time for the Accreditation Authority to review and approve a Providers submission.

The date of re-accreditation becomes the new accreditation anniversary date for the Provider and TPES vendor. This means the next accreditation maintenance must be completed within 12 months of this date. Below is an example timeline of a RFFR accreditation and re-accreditation.

Initial RFFR Accreditation (Milestone 3)

  1. Accreditation achieved on 20 September 2023
Dot (blue)

Accreditation Maintenance 1

  1. Documents submitted on 9 August 2024 (6 weeks before accreditation anniversary of 20 September)
  2. Accreditation Maintenance 1 submission approved on 20 September 2024
Dot (blue)

Accreditation Maintenance 2

  1. Documents submitted on 9 August 2025 (6 weeks before accreditation anniversary)
  2. Accreditation Maintenance 2 submission approved on 20 September 2025
Dot (blue)

Re-accreditation

  1. Documents submitted on 9 August 2026 (6 weeks before initial accreditation anniversary)
  2. Re-accreditation achieved on 28 August 2026
Dot (blue)

Accreditation Maintenance 1

  1. Documents submitted on 17 July 2027 (6 weeks before re-accreditation anniversary)
  2. Accreditation Maintenance 1 submission approved on 28 August 2027
Dot (blue)

In the example above, the re-accreditation date of 28 August 2026 becomes the new accreditation anniversary date. This date will apply to the future accreditation maintenance requirements.

If you are unaware of your current RFFR accreditation anniversary date, please reach out to our team securitycompliancesupport@dewr.gov.au.

Documents required for re-accreditation

Provider category for RFFR purposesDocuments
Category 1 and (TPES) systems
  1. ISMS Scope
  2. Statement of Applicability
  3. ISO/IEC 27001 stage-2 audit report or DEWR ISMS Scheme report
  4. ISO/IEC 27001 certificate or DEWR ISMS Scheme certificate
  5. Corrective Actions Plan (if applicable)
Category 2A
  1. ISMS Scope
  2. Statement of Applicability
  3. ISMS Self-assessment report
Category 2B
  1. Management Assertion Letter
  2. Statement of Applicability