DESE Information Security Management Systems

Certification Audits for DESE-ISMS at GCC

About DESE Information Security Management Systems

The Department of Education, Skills and Employment (DESE) outsources employment assistance for people looking for work to private service providers. As part of the contractual arrangements, all providers must comply with information security requirements that protect privacy and secure the information and infrastructure of the programs.
The DESE has mandated that all employment assistance providers must be compliant with its Information Security Management System (ISMS) scheme. The ISMS scheme includes elements of ISO 27001 as well as requirements from the Australian Government Security Manual (ISM).

Getting certified under the DESE Information Security Management Systems Scheme. (JAS-ANZ Accredited Certification)

  • Undertake training on ISM Controls and ISMS
  • Implement the requirements across your organisation
  • Prepare all required documentation and information
  • Apply to GCC for a quote and book in your audit date
  • Certification Audit – Stage 1 and Stage 2
  • Maintenance – surveillance audits, recertification audit and organisational development

If your organisation is already certified with ISO 27001, the process will include a gap analysis to compare your current controls with the DESE ISMS.

Focus of ISO 27001

ISO 27001 is the globally recognised framework that organisations use to systematically organise and protect their information systems. The Information Security Management System (ISMS) contains all the resources, systems, tools, policies, controls, communication protocols and processes that manage information security in an organisation.

Focus of Australian Government Security Manual (ISM)

The Australian Government Information Security Manual (ISM) outlines a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and information from cyber threats. Cyber security principles within the ISM provide strategic guidance on how organisations can protect their systems and information from cyber threats. These cyber security principles are grouped into four key activities: govern, protect, detect and respond. Organisations should be able to demonstrate that the cyber security principles are being adhered to within their organisation.

Organisations seeking certification must prepare a Statement of Applicability, which is the central document in your Information Security Management System.

The scheme requires organisations to be compliant with the latest controls up to 3 months before their audit date, to ensure they can effectively preserve the confidentiality, integrity, and availability of information.

Benefits of DESE ISMS Certification

  • Eligibility to tender for providers 
  • Gain credentials 
  • Avoid financial penalties from data breaches
  • Maintain trust with customers
  • Comply with regulatory requirements
  • Monitor and manage risks 

Certification Process

Certification involves GCC assessing your organisation to ascertain that its management systems meet the requirements of one or more recognised standards. Becoming certified to a nationally or internationally recognised standard is of great benefit to an organisation. It improves overall performance, builds confidence within stakeholder groups and broadens the scope for new opportunities.

Frequently Asked Questions

What is covered in the Information Security Management System?

The requirements cover systems associated with the delivery of a provider service; the storage, processing, or communication of data related to delivering provider services; and data, information and records supporting the program.

What is a Statement of Applicability?

A Statement of Applicability (SOA) is a document that states which of the ISMS controls and policies are being applied in an organisation.  Completing the Statement of Applicability is the first step to identifying and evaluating risks and implementing risk mitigation strategies. 
