RFFR Statement of Applicability (SoA) Template

If you have trouble accessing this document, please contact us to request a copy in a format you can use.

The Statement of Applicability (SoA) template includes controls from contractual obligations, the Australian Government Information Security Manual (ISM) and ISO 27001 Annex A.

Please note that:

  • The SoA template is mandatory and must be used for RFFR accreditation
  • The department will continue to support Providers who have previously used their own modified version of an SoA as an interim arrangement. This is on the basis that all applicable controls are adequately addressed, and all required fields from the template below are included
  • The department will assist Providers using their own SoA in transitioning to the department’s SoA template over the following 12 months, depending on individual circumstances and RFFR timeframes
  • The SoA template ensures Providers are consistent with their assessment of applicable controls, and delivers an assurance that all ISM, ISO and RFFR contractual obligations are addressed by all Providers
  • The SoA template is updated each quarter to align with the ISM that is available on the Australian Cyber Security Centre’s website.

The current SoA template is based on the March 2024 ISM.

Providers who have upcoming certification or surveillance audits are encouraged to use the latest template, which is available below.

March 2024 statement
The Department
Department of Employment and Workplace Relations
Publication Category
Departmental document
English / Australian English