Right Fit For Risk Cyber Security Accreditation

The process of accrediting external IT systems and Providers to protect against cyber threats.

The Department is responsible for protecting information and data collected and stored in the administration of its programs, including when programs are delivered with the assistance of external Providers and when external IT systems interact with the Department’s IT systems. To ensure sensitive information is collected, stored and managed securely, the Department requires all contracted Providers and vendors of external IT systems interacting with the Department’s IT systems to meet and comply with certain requirements in relation to IT security.

The Department’s Right Fit For Risk (RFFR) Accreditation signifies that a Provider or external IT system has met these requirements. The Department uses its own RFFR assurance approach to assess and accredit Providers and external IT systems.


RFFR Statement of Applicability (SoA) template updated - March 2023

Changes from the previous version are listed in the 'Info' tab of the template.
