DESE Information Security Management Systems
Certification Audits for DESE-ISMS at GCC
About DESE Information Security Management Systems
The Department of Education, Skills and Employment (DESE) outsources employment assistance for people looking for work to private service providers. As part of the contractual arrangements, all providers must comply with information security requirements that protect the privacy of job seekers and secure the information and infrastructure of the programs.
DESE has mandated that all employment assistance providers comply with its Information Security Management System (ISMS) scheme. The scheme combines elements of ISO 27001 with controls drawn from the Australian Government Information Security Manual (ISM).
Getting certified under the DESE Information Security Management Systems Scheme (JAS-ANZ Accredited Certification)
- Undertake training on ISM Controls and ISMS
- Implement the requirements across your organisation
- Prepare all required documentation and information
- Apply to GCC for a quote and book in your audit date
- Certification Audit – Stage 1 and Stage 2
- Maintenance – surveillance audits, recertification audit and organisational development
If your organisation is already certified to ISO 27001, the process will include a gap analysis comparing your current controls with the DESE ISMS requirements, so that only the additional ISM-derived controls need to be implemented and audited.
Focus of ISO 27001
ISO 27001 is the globally recognised standard that specifies the requirements for an organisation to systematically manage and protect its information. The Information Security Management System (ISMS) comprises all the resources, systems, tools, policies, controls, communication protocols and processes that manage information security in an organisation.
Focus of the Australian Government Information Security Manual (ISM)
The Australian Government Information Security Manual (ISM) outlines a cyber security framework that organisations can apply, using their own risk management framework, to protect their systems and information from cyber threats. The cyber security principles within the ISM provide strategic guidance on how organisations can protect their systems and information, and are grouped into four key activities: govern, protect, detect and respond. Organisations should be able to demonstrate that these principles are being adhered to.
Organisations seeking certification must prepare a Statement of Applicability, the central document of an Information Security Management System.
The scheme requires organisations to be compliant with the latest published controls up to three months before their audit date, to ensure they can effectively preserve the confidentiality, integrity and availability of information.
Benefits of DESE ISMS Certification
- Eligibility to tender as a DESE provider
- Recognised credentials
- Reduced exposure to data breaches and the financial penalties that follow them
- Maintained trust with customers
- Compliance with contractual and regulatory requirements
- Structured monitoring and management of risks
Certification Process
Certification involves GCC assessing your organisation to confirm that its management system meets the requirements of one or more recognised standards. Becoming certified to a nationally or internationally recognised standard benefits an organisation: it improves overall performance, builds confidence among stakeholder groups and broadens the scope of new opportunities.
Application/ Contract
- Application for certification by client
- GCC will review and provide certification proposal
- Client accepts the agreement and returns it to GCC
- Audit dates will be booked
- GCC conducts Gap Analysis (optional)
Certification Audit/ Transfer
- Stage 1 Audit: the audit team assesses the documentation and the readiness of the management system for the Stage 2 Audit
- Stage 2 (Certification) Audit: the audit team assesses the implementation of the system and verifies that any issues outstanding from the Stage 1 Audit have been resolved
- The organisation is recommended for certification after review and a positive decision by the independent GCC certification authority
- A certificate is issued
Maintaining certification
Surveillance Audits
Each issued certificate has a three-year life. Upon certification, an audit program is created for regular audits over the three-year period. These audits confirm the organisation's ongoing compliance with the specified requirements of the standard. At least one surveillance audit per year is required.
Re-Certification
The certification expires after three years, and a re-certification audit is conducted prior to the expiry date to confirm that the management system has been maintained.
Frequently Asked Questions
The requirements cover systems associated with the delivery of a provider service; the storage, processing or communication of data related to delivering provider services; and the data, information and records supporting the program.
A Statement of Applicability (SoA) is a document that records which ISMS controls are applicable to an organisation, the justification for including or excluding each one, and whether it has been implemented. The SoA is derived from the risk assessment and risk treatment plan: risks are identified and evaluated first, the controls needed to treat them are selected, and the SoA then records those decisions so an auditor can trace each control back to the risk it addresses.
As part of their contractual arrangements, any service provider outsourced by the Department of Education, Skills and Employment (DESE) must comply fully with the DESE ISMS Scheme. This combines elements of ISO 27001 certification with controls drawn from the Australian Government Information Security Manual (ISM).
In essence, the DESE ISMS Scheme ensures that robust security systems protect applicants' privacy. All data and information must be securely stored and handled in accordance with the scheme's directives.
Your organisation may already hold an ISO 27001 certification. In this case, becoming fully compliant with the DESE ISMS Scheme will include a gap analysis of any requirements missing compared with the current scheme directives.
The GCC’s dedicated team stands by to help you with your DESE ISMS Scheme requirements. Our brief, straightforward contact form is the best place to start. Just fill out a few simple details, sit back and let us guide you from there.
We at GCC take great pride in our highly knowledgeable, professional team. They will assess your situation and guide you through the DESE ISMS Scheme compliance process, analysing your particular business and advising on the certifications that will enhance your business and its standing in the community.
Businesses benefit from DESE ISMS Scheme certification in several ways.
- Primarily, they become eligible to tender for DESE provider contracts.
- The business reduces its exposure to data breaches and to the financial penalties that can follow them.
- The acquisition of recognised credentials goes a long way towards building trust with potential and existing customers alike.
- Peace of mind, knowing that your hard work is supported by full compliance with contractual and regulatory requirements.
- The ability to assess, monitor and mitigate risks more effectively.
At GCC, we have made it our mission to ensure that our clients’ businesses are as comprehensively certified and robustly protected as they can be.
This list may not apply to every client we work with. However, as a general rule, we like to see the following certifications in place:
A multi-national standard developed to provide a coherent, consistent method of assessing e-waste management systems. The disposal of defunct electrical/electronic equipment is an issue that has grown exponentially over recent years.
An agreed series of guiding principles and minimum requirements that aim to:
- Maximise the recovery of valuable materials and recycle others where possible, thereby reducing negative environmental impact.
- Drastically reduce the amount of non-recycled material disposed of in an environmentally unsound manner.
- Hazard Analysis Critical Control Points (HACCP)
A critical framework of principles dealing with all aspects of food hygiene, essential at every stage of food production and handling, including but not limited to:
- Production and processing
- Manufacturing
- Preparation and packaging
- Storage and distribution
- Retail and food service operation
- Transport
- ISO 45001 OH&S Management System
As the latest international standard for OH&S Management Systems, ISO 45001 is a comprehensive framework designed to help organisations create a safe and healthy work environment for employees.
The standard is aligned with ISO 9001 and ISO 14001 and has replaced the OHSAS 18001 and AS/NZS 4801 standards. Its key focus is on preventing severe physical and mental injuries, as well as workplace fatalities, through adequate controls and management systems. By implementing ISO 45001, organisations can enhance their performance, reduce risks and improve their overall safety culture.
- ISO 9001 Quality Management System
As the most widely used QMS worldwide, ISO 9001 provides a universal baseline that companies of all industries and sizes can adopt. It allows organisations to demonstrate the capacity to consistently meet customer and legal requirements. The standard covers:
- Documentation and planning that supports the Quality Management System
- Leadership and responsibilities within the organisation
- Responsible management of work environment and resources
- Product development process
- QMS analysis with corrective and preventive actions
- Regular audits and reviews
GCC Training
Empower your team with our efficient, self-paced training.