Resources

The following is a list of all the resources that are associated with Right Fit For Risk Cyber Security Accreditation.

Third-Party IT Vendor Deed Guidelines

Created:

Provides Third-Party IT Vendor Deed Guidelines that form part of the Deed and provides information for Vendors on their continuing obligations.

TPIT Vendor Guidelines v1.0.pdf

Bridge Accreditation Report

Created:
Modified:

This document is to assist employment services providers understand the scope of the accreditation of Bridge performed for the Department of Employment and Workplace Relations (the department). The accreditation assessment has been performed against the Information Security Manual (ISM) March 2023.

Bridge Accreditation Report.pdf

ISO 27001 risk assessment 

Created:

Provides a high-level overview of the concept of risk assessment and treatment in an ISO 27001 context

Management of third parties – life cycle

Created:

Explains the stages in the life cycle of third party vendors and highlights what providers should think about when contracting with third parties.

Management of Third Parties - Overview

Created:

Assists Providers identify their third parties, who is responsible for them and determine what impact the security of these entities have on a Provider’s environment.

RFFR Questionnaire

Created:
Modified:

Provides a high level view of a Provider's current security posture as a basis for discussion with the Cyber Security team at Milestone 1 in the RFFR process.

RFFR Statement of Applicability (SoA) Template

Created:
Modified:

The Statement of Applicability (SoA) template includes controls from contractual obligations, Australian Government Information Security Manual (ISM) and ISO27001 Annex A.

RFFR statement

Right Fit For Risk (RFFR) – Finding the right sponsor

Created:

Details the need to identify an internal sponsor to oversee the implementation of the customised ISO 27001 in all areas of the organisation

Scope template

Created:

Provides example headings and guidance for documenting the ISMS Scope in accordance with ISO27001 clause 4, while also communicating key elements of the business, systems and information associated with delivering the Services and describing the provider’s implementation of the RFFR Core Expectation areas.