By Martin Quinn (Principal Consultant) 29 July 2015
With the introduction of the Department of Employment’s (DoE) JobActive initiative, the way job services providers work with the department has been turned on its head.
The Department of Employment JobActive program requires providers to be certified and compliant with the minimum requirements of the Information Security Manual (ISM) mandated by the Australian Signals Directorate (ASD) from the beginning of the 2015 financial year.
The ISM defines the minimum standards that government agencies must maintain to operate securely and ensure the security of data. It aims to define overall good security practices, to reduce the risk of compromise and to maintain the three tenets of information security (Confidentiality, Integrity and Availability).
This has created an air of anxiety and nervousness within the job services arena, mainly because providers have never had to adhere to such stringent compliance requirements, and because non-compliant providers may not have access to the department’s data. That said, DoE has defined a roadmap within the deed that sets out the path by which providers can achieve compliance.
There are several milestones defined within the deed, the first being a gap analysis of where the organisation currently stands in comparison to the ISM, leading ultimately to compliance.
This first step is designed to illustrate the current security posture of the organisation, allowing it to focus on the items which pose the greatest threat and risk to the business (and by proxy DoE), and to show the difference between where the company currently is and where it needs or wants to be.
After this has been conducted, the business can develop an improvement plan and begin to define the scope of applicability (SOA). The SOA ultimately defines what the organisation will be held accountable to in relation to the ISM, and how it conducts operations. The SOA is how ASD and DES understand how the provider is compliant, and it is independently assessed/audited by an IRAP assessor.
This is where Intact Security can assist. We are working with providers within the job services sector (JobReady, CoAct) and have a good grasp of where their strengths and sore points lie. Not only this, we are IRAP assessors and ISO 27001 Lead Auditors, enabling us to provide advice on how to achieve compliance and meet deed and ISM requirements. We have more than 18 years of technical and non-technical experience in information security.
Intact Security are in regular contact with DoE, ASD and providers to communicate feedback, address issues and bridge any concerns parties may have. This ensures a smooth transition and that there are no gotchas along the way.
Intact Security offer several options to assist in becoming compliant, from a full-documentation, extensively assisted option to a low-touch, minimal-guidance approach. Intact Security can tailor your certification prep so that you achieve compliance first go.
If you’re concerned about how to deal with the ISM, IRAP or the DoE deed, give Intact Security a call today for a no-obligation discussion, or follow this link and we’ll call you.
Relax, your security is INTACT
Author: Intact Security