Resources

The following is a list of all the resources that are associated with Right Fit For Risk Cyber Security Accreditation.

Third-Party IT Vendor Deed Guidelines

Created:

Provides Third-Party IT Vendor Deed Guidelines that form part of the Deed and provides information for Vendors on their continuing obligations.

View the Third-Party IT Vendor Deed Guidelines publication details page
TPIT Vendor Guidelines v1.0.pdf

Bridge Accreditation Report

Created:
Modified:

This document is to assist employment services providers understand the scope of the accreditation of Bridge performed for the Department of Employment and Workplace Relations (the department). The accreditation assessment has been performed against the Information Security Manual (ISM) March 2023.

View the Bridge Accreditation Report publication details page
Bridge Accreditation Report.pdf

ReadyTech's Esher House Cortex Accreditation Report

Created:
Modified:
View the ReadyTech's Esher House Cortex Accreditation Report publication details page
ReadyTech's Esher House Cortex Accreditation Report.pdf

ReadyTech's JobReady Accreditation Report

Created:
Modified:
View the ReadyTech's JobReady Accreditation Report publication details page
ReadyTech's JobReady Accreditation Report.pdf

ReadyTech's Ready Apprentice Accreditation Report

Created:
Modified:
View the ReadyTech's Ready Apprentice Accreditation Report publication details page
ReadyTech's JobReady Apprentice Accreditation Report.pdf

ReadyTech's Ready Recruit Accreditation Report

Created:
Modified:
View the ReadyTech's Ready Recruit Accreditation Report publication details page
ReadyTech's JobReady Recruit Accreditation Report.pdf

aXcelerate Accreditation Report

Created:
Modified:
View the aXcelerate Accreditation Report publication details page
aXcelerate Accreditation Report.pdf

ISO 27001 and Right Fit For Risk (RFFR) issues to avoid

Created:

Helps providers avoid missteps the department has seen to date to make accreditation a smooth process

View the ISO 27001 and Right Fit For Risk (RFFR) issues to avoid publication details page

ISO 27001 risk assessment 

Created:

Provides a high-level overview of the concept of risk assessment and treatment in an ISO 27001 context

View the ISO 27001 risk assessment  publication details page

Management of third parties – life cycle

Created:

Explains the stages in the life cycle of third party vendors and highlights what providers should think about when contracting with third parties.

View the Management of third parties – life cycle publication details page

Management of Third Parties - Overview

Created:

Assists Providers identify their third parties, who is responsible for them and determine what impact the security of these entities have on a Provider’s environment.

View the Management of Third Parties - Overview publication details page

Managing third parties – resources

Created:
View the Managing third parties – resources publication details page

RFFR Questionnaire v2.0

Created:
Modified:

The intent of this questionnaire is to allow the department to understand the cyber security posture of each Tendering organisation. Responses to the questions should be collated from employees with the relevant knowledge in your organisation.

View the RFFR Questionnaire v2.0 publication details page
RFFR Questionnaire v2.0 March 2024.pdf

RFFR Statement of Applicability (SoA) Template

Created:
Modified:

The Statement of Applicability (SoA) template includes controls from contractual obligations, Australian Government Information Security Manual (ISM) and ISO27001 Annex A.

View the RFFR Statement of Applicability (SoA) Template publication details page

Right Fit For Risk (RFFR) – Finding the right sponsor

Created:

Details the need to identify an internal sponsor to oversee the implementation of the customised ISO 27001 in all areas of the organisation

View the Right Fit For Risk (RFFR) – Finding the right sponsor publication details page

Right Fit For Risk (RFFR) government resources

Created:

Outlines the government resources available to assist, understand and address cyber security risks

View the Right Fit For Risk (RFFR) government resources publication details page

Right Fit For Risk (RFFR) ISO27001 Self-assessment report template

Created:
Modified:

Provides example headings and guidance to be considered when Category 2A Providers are documenting their self-assessment.

View the Right Fit For Risk (RFFR) ISO27001 Self-assessment report template publication details page

Right Fit For Risk (RFFR) ISO27001 2013 Self-assessment report template

Right Fit For Risk (RFFR) ISO27001 2022 Self-assessment report template

ISMS Self-Assessment Report - ISO27001 2013 - [Provider Code].pdf

Scope template

Created:
Modified:

Provides example headings and guidance for documenting the ISMS Scope in accordance with ISO27001 clause 4, while also communicating key elements of the business, systems and information associated with delivering the Services and describing the provider’s implementation of the RFFR Core Expectation areas.

View the Scope template publication details page
Right Fit For Risk (RFFR) Scope Template.pdf

The importance of your Statement of Applicability when implementing ISO 27001

Created:
View the The importance of your Statement of Applicability when implementing ISO 27001 publication details page

Using ISO 27001 to meet your RFFR accreditation requirements

Created:

Highlights the differences between an industry standard ISO 27001 and the RFFR requirements

View the Using ISO 27001 to meet your RFFR accreditation requirements publication details page