DESE Information Security Management Systems

Certification Audits for DESE-ISMS at GCC

About DESE Information Security Management Systems

The Department of Education, Skills and Employment (DESE) outsources employment assistance for people looking for work to private service providers.As part of the contractual arrangements, all providers must be compliant with information security requirements that protect the privacy and secure information and infrastructure of the programs.
The DESE has mandated that all employment assistance providers must be compliant with their Information Security Management System (ISMS) scheme.The ISMS scheme includes elements of the ISO 27001 as well as requirements from the Australian Government Security Manual (ISM).

Getting certified under the DESE Information Security Management Systems Scheme. (JAS-ANZ Accredited Certification)

  • Undertake training on ISM Controls and ISMS
  • Implement the requirements across your organisation
  • Prepare all required documentation and information
  • Apply to GCC for a quote and book in your audit date
  • Certification Audit – Stage 1 and Stage 2
  • Maintenance – surveillance audits, recertification audit and organisational development

If your organisation is already certified with ISO 27001, the process will include a gap analysis to compare your current controls with the DESE ISMS.

Quick Quote

Fill out the form below to find out more

Focus of ISO 27001

ISO 27001 is the globally recognised framework for systematically organising and protecting their information systems.  The Information Security Management System (ISMS) contains all the resources, systems, tools, policies, controls, communication protocols and processes that manage information security in an organisation.

Focus of Australian Government Security Manual (ISM)

Australian Government Information Security Manual (ISM) outlined a cyber security framework that organisations can apply, using their risk management framework, to protect their systems and information from cyber threats. Cyber security principles within the ISM provide strategic guidance on how organisations can protect their systems and information from cyber threats. These cyber security principles are grouped into four key activities: govern, protect, detect and respond. Organisations should be able to demonstrate that the cyber security principles are being adhered to within their organisation.

Organisations seeking certification must prepare a Statement of Applicability, which is the central document in your Information Security Management System.

The scheme requires Organisations to be compliant with the latest controls, up to 3 months before their audit date to ensure they can effectively preserve the confidentiality, integrity, and availability of information.

Benefits of DESE ISMS Certification

  • Eligibility to tender for providers 
  • Gain credentials 
  • Avoid financial penalties from data breaches
  • Maintain trust with customers
  • Comply with regulatory requirements
  • Monitor and manage risks 

Certification Process

Certification involves GCC assessing your organisation in order to ascertain that management systems meet the requirements of one or more recognised standards. Becoming certified to a nationally or internationally recognised standard is of great benefit to an organization. It improves overall performance, builds confidence within stakeholder groups and broadens the scope of new opportunity.

Frequently Asked Questions

The requirements cover systems associated with the delivery of a provider service; Storage, processing, or communication of data related to delivering provider services; and Data, information and Records supporting the program.

A Statement of Applicability (SOA) is a document that states which of the ISMS controls and policies are being applied in an organisation.  Completing the Statement of Applicability is the first step to identifying and evaluating risks and implementing risk mitigation strategies. 

As part of their contractual arrangements, any service provider outsourced by the Department of Education, Skills and Employment (DESE) must comply fully with the DESE ISMS Scheme. This entails combining elements of an ISO 27001 certification with legal requirements indicated by the Australian Government Security Manual.

In essence, the DESE ISMS Scheme ensures that robust security systems protect applicants’ privacy. All data and information must be securely stored and handled per the scheme’s directives.

Your organisation may already have an ISO 27001 certification. In this case, becoming fully compliant with the DESE ISMS Scheme will include an analysis of any missing requirements compared with current directives.

The GCC’s dedicated team stands by to help you with your DESE ISMS Scheme requirements. Our brief, straightforward contact form is the best place to start. Just fill out a few simple details, sit back and let us guide you from there.

We at GCC take great pride in our highly-knowledgeable, professional team. They will assess your situation and guide you through your DESE ISMS Scheme compliance process. Analysing your particular business and giving advice on pertinent certifications that will enhance your business and its standing in the community.

Businesses feel the success of a DESE ISMS Scheme certification in several ways.

– Primarily, they are now eligible to tender quotes to the DESE.

– The business is now protected from any punitive financial outcomes resulting from breaches of information/data security.

– The acquisition of recognised credentials goes a long way towards building trust and positivity with potential and existing customers alike.

– Peace of mind knowing that your hard work is protected by full regulatory compliance.

– The ability to more effectively assess, monitor, and mitigate risks.

At GCC, we have made it our mission to ensure that our clients’ businesses are as comprehensively certified and robustly protected as they can be.

This list may not apply to every client we interact with. However, on a general basis, we like to see the following certifications in place:

  • AS/NZS 5377 E-Waste Management System
  • A multi-national standard developed to provide a coherent, consistent method of assessing e-waste management systems. The disposal of defunct electrical/electronic equipment is an issue that has grown exponentially over recent years.

    An agreed series of guiding principles and minimum requirements aim to:

    • Maximise the recovery of valuable materials and recycle others where possible, thereby reducing any negative environmental impact.
    • Drastically reduce the amount of non-recycled materials disposed of in an environmentally unsound manner.
    • Hazard Analysis Critical Control Points

    A critical framework of principles dealing with all aspects of food hygiene. Essential at every stage of food prod and handling. Including, but not limited to:

    • Production and processing
    • Manufacturing
    • Preparation and packaging
    • Storage and distribution
    • Retail and food service operation
    • Transport
    • ISO 45001 OH&S Management System

    As the latest international standard for OH&S Management Systems, ISO 45001 is a comprehensive framework tailored to assist organisations create a safe and healthy work environment for employees.

    This standard is aligned with the ISO 9001 and ISO 14001 standards and has replaced the OHSAS 18001 and AS/NZS 4801 standards. Its key focus is on preventing severe physical and mental injuries, as well as workplace fatalities, by implementing adequate controls and management systems. With the implementation of ISO 45001, organisations can enhance their performance, reduce risks and improve the overall safety culture.

  • ISO 9001 Quality Management System
  • As the most widely used QMS worldwide, ISO 9001 provides a universal baseline that companies of all industries and sizes can adopt. It allows organisations to demonstrate the capacity to consistently meet customer and legal requirements. The standard covers:

    • Documentation and planning that supports the Quality Management System
    • Leadership and responsibilities within the organisation
    • Responsible management of work environment and resources
    • Product development process
    • QMS analysis with corrective and predictive actions
    • Regular audits and reviews

    GCC Training

    Empower your team with our self-paced efficient training.

    Quality Management System - ISO 9001 Courses

    Find out more

    Environment Management System - ISO 14001 Courses

    Find out more

    OHS Management System - ISO 45001 Courses

    Find out more

    Integrated Management Systems (IMS) -ISO 9001, ISO 14001 and ISO 45001 Courses

    Find out more