Right Fit For Risk

Right Fit For Risk (RFFR) is a component of DESE’s External Systems Assurance Framework (ESAF) that ensures system files and confidential data are secured, stored and managed responsibly in non-departmental ICT environments.

The RFFR approach requires the implementation of an Information Security Management System (ISMS). It also expects the organisation to implement the applicable ISO 27001 controls and obtain certification. This means that, in addition to the 10 clauses and 114 Annex A controls of ISO/IEC 27001, your scope should, at a minimum, incorporate all ISM controls.

Applying For Certification

When you apply for RFFR certification of your Information Security Management System (ISMS), our auditors will examine your systems and supporting documentation.

Organisations are required to meet the following criteria:

  • Develop ISMS policies, procedures and manuals
  • Identify information security risks, and assess and select treatment options
  • Establish a cyber security strategy
  • Prepare a Statement of Applicability that incorporates the RFFR controls
  • Measure, monitor and plan continual improvement
  • Self-assess against RFFR (internal audit of the applicable controls)
  • Provide staff training and awareness

Benefits of DESE ISMS Certification:

  • contractual compliance with DESE
  • meeting tender requirements and standing out from the competition
  • compliance with cyber security best practices and principles (the Confidentiality, Integrity and Availability triad)
  • reduced risk of information loss and disclosure
  • increased cyber security resilience
  • workplace confidentiality and improved company culture
  • easy integration with other management systems

Our Specialist Consultants Are Here To Help

This page has discussed the benefits of implementing RFFR, explaining how it is an effective method for protecting a business's confidential data and keeping operations running smoothly. To find out more about how this service could help your business achieve its compliance goals, please contact our specialist consultants today by filling out the online Contact Us form, or by calling 1300 802 163 for a short, obligation-free consultation.


We can help you to get your business ISO Certified.