Scheme development helping to ensure compliance with information security requirements and protect Australian national security

Compliance with information security standards is of utmost importance for both private sector companies and public sector organisations. In Australia, there is a legislative framework in place that includes several important laws and regulations aimed at protecting information and digital infrastructure, including the Privacy Act 1988, the Australian Prudential Regulation Authority (APRA) Prudential Standard CPS 234 for information security, and specific sector regulations. Australia is also a signatory to the General Data Protection Regulation (GDPR) through its trade agreement with the European Union. Non-compliance with these regulations can result in hefty fines and penalties, and potentially significant reputational damage.

Whilst compliance with the requirements of information security standards can be complex, a conformity assessment scheme can help. In its simplest terms, a conformity assessment scheme is a set of requirements and procedures that establishes how a conformity assessment body will undertake the certification of a system, product, process, service or person against specified requirements or standards.

The client

The Australian Department of Education, Skills and Employment (DESE, now DEWR, the Department of Employment and Workplace Relations).

The problem

In 2020, DESE faced the problem of how to provide quality assurance and ensure a systematic and transparent approach to information security compliance for the broad network of private employment providers that provide services to the Department.

For the Department, a primary objective was to ensure compliance both for the participant and with the Australian Government's Information Security requirements. The Department rightly understood that this objective was particularly important given the linkage with data sovereignty, national security, employment and the overall economic well-being of Australia.

The solution

To address this problem, the Department engaged with JASANZ in a scheme development program that involved a carefully selected committee of information security technical, quality and functional experts. The team developed an accredited, proprietary scheme for the Department that took the base requirements of core information security standards and significantly augmented them in key focus areas, including data sovereignty and competency.

The outcome

The result has been a discernible increase in information security compliance by service providers based on the application of clear accreditation requirements which are systematically assessed by JASANZ. The Department and JASANZ regularly liaise and share information with the overall objective being to lift performance of all stakeholders and thereby contribute to the economic growth of Australia.

Summary

JASANZ works with scheme owners who want assistance with the design and development of schemes. We use our extensive experience to help organisations create schemes based on international best practice to meet their stakeholder needs.

Schemes support market transactions or the delivery of public services – in this case, compliance with information security requirements for a Government Department.
