Right Fit for Risk

Simple, stress-free Right Fit for Risk compliance

Right Fit for Risk

The Australian Government’s Department of Employment and Workplace Relations uses the External Systems Accreditation Framework and the Right Fit for Risk assurance approach to assess and accredit third party service providers and systems.

de.iterate makes compliance with the framework simple and stress-free for businesses of all sizes.

The de.iterate platform encompasses a suite of policies and templates, employee training modules, a risk register, a compliance calendar, reporting tools and more.

What is it?

The Department’s External Systems Assurance Framework (ESAF) secures data by accrediting providers and systems against the Protective Security Policy Framework, ensuring robust security measures.

The Right Fit for Risk program complements this by tailoring cyber security evaluations to each provider’s risk profile, aligning with ISO 27001 and the Information Security Manual.

Right Fit for Risk promotes a systematic approach to security, requiring providers to meet specific milestones, ensuring their information security management systems are comprehensive and up-to-date. Together, these frameworks help uphold the highest standards of data protection and security management.

Why comply?

Complying with the Department’s External Systems Assurance Framework and Right Fit for Risk program offers companies multiple benefits, including enhanced cyber security and risk management.

It not only solidifies your reputation as a trustworthy partner by demonstrating a commitment to data protection and security but also aligns your operations with industry-leading standards. This helps ensure you are prepared for evolving cyber threats and regulatory demands, reducing potential legal and financial liabilities.

It also opens up opportunities for collaboration with the Department, granting access to a broader network and resources, supporting business growth and stability.

Frequently Asked Questions

What is the External Systems Accreditation Framework?

The Australian Government’s Department of Employment and Workplace Relations uses the External Systems Accreditation Framework and the Right Fit for Risk assurance approach to assess and accredit third party service providers and systems.


What is the Right Fit for Risk program?

The RFFR is the Australian Government’s Department of Employment and Workplace Relations’ risk-based approach to gaining assurance about the state of cyber security of contracted providers and systems. It includes requirements for provider and system accreditation based on the:

  1. ISO 27001 Information security management systems – the international standard outlining the core requirements of an Information Security Management System.
  2. Australian Government Information Security Manual (ISM) – the Australian Government’s cyber security framework to protect systems and data from cyber threats.

Who is the accreditation process applicable to?

The Australian Government’s Department of Employment and Workplace Relations is the accrediting authority and is required to assess and verify providers as meeting the requirements under the Right Fit for Risk (RFFR) framework. This accreditation process is applicable to:

  • Employment Services Providers
  • Australian Apprenticeships Support Network Providers
  • Certain Skills program providers, and
  • Third Party Employment and Skills systems (TPES) vendors

How do I implement the principles and guidelines outlined in the External Systems Accreditation Framework?

You’re in luck: de.iterate provides you with all the practical items you need to implement to meet the standard, and a suite of tasks to help you demonstrate that you have implemented them. If you have the IT talent in-house to do this yourself, you will find it easy; if not, we have a list of IT partners on standby to help.


How long does it take to implement the External Systems Accreditation Framework and ensure compliance?

The External Systems Accreditation Framework implementation process can take anywhere from a few hours to a few weeks, depending on your pace. Once you’re onboard with de.iterate, you’ll have all the tools and information you need to get certified in the fastest, easiest way possible.


Can I be certified to the External Systems Accreditation Framework and Right Fit for Risk?

If we could, we would. Unfortunately, no such certification exists. Don’t worry though: using de.iterate effectively demonstrates to your customers, the privacy regulator and your insurers that you take security seriously and have considered all the elements of data security and data privacy.


How much does compliance cost?

de.iterate has price plans available to suit just about any size of business. We can help you work out which plan is right for you. Talk to one of the team today about your options at hello@deiterate.com.


Our pricing

Our simple monthly subscription model is built to be affordable for everyone, from small start-ups through to large enterprises.

BASIC

The starting line for cyber defence. Perfect for start-ups and small companies embarking on compliance.


  • 1 x compliance framework
  • BYO policies
  • BYO assurance program
  • 1 x user
  • 1 x domain name
  • Risk register
  • Asset register
  • Incident register
  • Compliance calendar
  • Evidence store
  • ISMS scope and manual
  • Compliance reports
  • AI-powered assistant
  • Admin panel
  • Microsoft and Google SSO

*Certification audit fees are not included in the monthly subscription. Contact us for details.

ADVANCED

The ultimate in tailored cyber security compliance, offering fortified, bespoke solutions for complex enterprise needs.


Everything in Advanced, plus…

  • Custom compliance standards
  • Import an unlimited number of policies
  • Dedicated help and advice
  • Personalised one-on-one onboarding and set up with a de.iterate expert
  • Certification assistance
  • Personalised audit support from a de.iterate expert