How GCC aims to help you become DESE ISMS Certified
In Australia, people looking for employment assistance are directed to one of several companies that the Department of Education, Skills and Employment (DESE) has contractual agreements with. In order to ensure that these contracted providers are handling data in a secure way, they must undergo audits that confirm they are meeting the expected standards. As of April 2021, the DESE requires all contracted providers of employment assistance to be compliant with their Information Security Management System (ISMS) scheme. Together with JAS-ANZ, the DESE introduced the DESE ISMS earlier this year to improve the standards that the DESE’s contracted employment assistance providers must adhere to.
Whilst the DESE ISMS is largely similar to the better-known and more widely used ISMS standard ISO 27001, it also contains new elements that ensure a more rigorous system is in place for keeping information secure. One key difference is that the audit duration is longer, allowing accredited auditors to more comprehensively determine the employment assistance provider’s adherence to the DESE’s required standards.
The DESE ISMS also incorporates elements of the Australian Government Security Manual (ISM Manual). This move attempts to bring about an element of coherence among the ISMS schemes used by various governmental departments, bringing all ISMS schemes up to the required level.
The importance of ISMS schemes is widely understood; private companies providing a government service must operate with the level of security people expect from groups handling private, personal information. When the standards required by ISMS such as the DESE ISMS scheme are not consistently met, data leaks are more likely, leading to outside parties gaining access to sensitive information. In 2020 alone, there were 1,051 data leaks within Australia, with around half of these occurring due to human error. This shows there is a great need for more robust information security management systems.
Key to maintaining your DESE ISMS accreditation is the continuous upholding of these standards. Maintaining the standards set out by the DESE ISMS scheme ensures that your customers’ private information is kept safe and secure.
The process for becoming DESE ISMS certified is simple and is led by an accredited certification body, like GCC. GCC has applied to become an accrediting body and looks forward to helping companies through the DESE ISMS certification process. If you are already ISO 27001 certified, a gap analysis would be completed to consider which areas need improving upon to reach the new DESE ISMS standards.
Australian Government Information Security Manual (ISM)
The Australian Government Information Security Manual (ISM) has been developed to outline a cyber security framework. The organisations can apply ISM in line with their risk management framework, to protect their data, information and systems from cyber threats.
Cyber security principles
The cyber security principles within the ISM provides strategic guidance on how organisations can protect their data, information and systems from cyber threats and attacks. These cyber security principles are grouped into four key activities:
- Govern: Identifying and managing security risks.
- Protect: Implementing security controls to reduce security risks.
- Detect: Detecting and understanding cyber security events.
- Respond: Responding to and recovering from cyber security incidents.
Organisations should be able to demonstrate that the cyber security principles are being adhered to within their organisation.
Further information about DESE ISMS: DESE ISMS
Further information about ISO 27001: ISO 27001
Further information about certification process: Certification Process
Request a quote for certification: Request a quote