DESE Information Security Management Systems
Certification Audits for DESE-ISMS at GCC
About DESE Information Security Management Systems
The Department of Education, Skills and Employment (DESE) outsources employment assistance for people looking for work to private service providers.As part of the contractual arrangements, all providers must be compliant with information security requirements that protect the privacy and secure information and infrastructure of the programs.
The DESE has mandated that all employment assistance providers must be compliant with their Information Security Management System (ISMS) scheme.The ISMS scheme includes elements of the ISO 27001 as well as requirements from the Australian Government Security Manual (ISM).
Getting certified under the DESE Information Security Management Systems Scheme.
- Undertake training on ISM Controls and ISMS
- Implement the requirements across your organisation
- Prepare all required documentation and information
- Apply to GCC for a quote and book in your audit date
- Certification Audit – Stage 1 and Stage 2
- Maintenance – surveillance audits, recertification audit and organisational development
If your organisation is already certified with ISO 27001, the process will include a gap analysis to compare your current controls with the DESE ISMS.
Fill out the form below to find out more
Benefits of DESE ISMS Certification
- Eligibility to tender for providers
- Gain credentials
- Avoid financial penalties from data breaches
- Maintain trust with customers
- Comply with regulatory requirements
- Monitor and manage risks
Note: This program is not accredited by JAS-ANZ.
Certification involves GCC assessing your organisation in order to ascertain that management systems meet the requirements of one or more recognised standards. Becoming certified to a nationally or internationally recognised standard is of great benefit to an organization. It improves overall performance, builds confidence within stakeholder groups and broadens the scope of new opportunity.
- Application for certification by client
- GCC will review and provide certification proposal
- Client accepts the agreement and return to GCC
- Audit dates will be booked
- GCC conducts Gap Analysis (optional)
Certification Audit/ Transfer
- Stage 1 Audit, The Audit team will assess documentation and readiness of management system for Stage 2 Audit
- Stage 2, Certification Audit, Audit team will assess implementation of system and will verify any issues outstanding from the Stage 1 Audit.
- Organisation will be recommended for Certification after review and positive decision by the independent GCC certification Authority,
- A Certificate will be issued
Each issued certificate has a three-year life period. Upon certification, an audit program will be created for regular audits over the three-year period. These audits confirm company’s on-going compliance with specified requirements of the standard. At least one surveillance audit per year is required.
The certification expires within 3 years and a re-certification Audit will be conducted prior to the expiry date to ensure that Management System is maintained.
Frequently Asked Questions
The requirements cover systems associated with the delivery of a provider service; Storage, processing, or communication of data related to delivering provider services; and Data, information and Records supporting the program.
A Statement of Applicability (SOA) is a document that states which of the ISMS controls and policies are being applied in an organisation. Completing the Statement of Applicability is the first step to identifying and evaluating risks and implementing risk mitigation strategies.