Thirdpartyitprovider(TPITP)Deed,Certificationandaccreditation

ThirdPartyITProvider(TPITP)Deed,CertificationandAccreditation

TheDepartmentisrequiredtocomplywiththe:

Attorney-General’sDepartment,ProtectiveSecurityPolicyFramework(PSPF)
DepartmentofDefence,InformationSecurityManual(ISM)
PrivacyAct

ProvidersusingasystemotherthantheDepartment’sITSystemsmustcomplywiththesecurityrequirementssetbytheDepartment.

InaccordancewiththejobactiveDeed(clause32.2),ProvidersarerequiredtonotifytheDepartmentiftheyintendtouseaThirdPartySystem.ProvidersmustnottransferelectronicRecordsto,orstoreelectronicRecordswiththirdpartydatahostingentities,includingcloudstorageproviders,withoutthepriorwrittenapprovaloftheDepartment.

ProvidersmayonlyuseaThirdPartySystemiftheThirdPartyITProvider(TPITP)hasenteredintotheThirdPartyITProviderDeedwiththeDepartment.TheTPITPDeedcreatesadirectlegalrelationshipbetweentheDepartmentandtheTPITPwhichisindependentofthecontractedjobactiveProvider.ThiswillenhancetheDepartment’sabilitytoenforceremedieswithaTPITPshouldtheneedarise.TheTPITPDeedrequiresthattheTPITP’sITsystemisassessedandaccreditedashavingappropriatecontrolstoaddresssecurityanddataprotectionrisks,andthatthesystemisconsistentinusagewiththeDepartment’sITSystems.TheTPITPDeedwillensurethatanyThirdPartyITsystemhasahighstandardofcontrolofsensitiveandpersonaljobseekerinformation.

Allsystemsmustensuretheprivacyandsecurityoftheinformationtheyhold.InaccordancewiththejobactiveDeed(clause32.4),in-housesystemsusedinsteadoforasanadd-ontotheDepartment’sITSystems(i.e.ProviderITSystems)willalsoneedtocomplywiththesecurityrequirementsprovidedintheStatementofApplicability.

RecordsinThirdPartySystemsneedtobedealtwithinaccordancewiththeRecordsManagementInstructions(RMI).

ThefollowingorganisationshaveexecutedThirdPartyITProviderDeedswiththeDepartment:

BESoftwareInternationalPtyLtd
JNSolutions
JobReady
MyWorkSearchPtyLtd
SelwayandWeewandaPtyLtd(akaKVInteractive)
SonetSystemsPtyLtd
SecureYourDomainPtyLtdTradingasDataNova
BucanHoldingsPtyLtdTradingasAxelera
BrennanIT
BrennanVoice

Certification

CertificationisawardedbytheDepartmentafteraninitialassessmentbyanInformationSecurityRegisteredAssessorsProgram (IRAP)AssessorissubmittedandacceptedbytheDepartment.ThereportsubmittedtotheDepartmentmayincludeunimplementedcontrols.

Before1January2016

Before1January2019there-certificationagainstthefullISMfromaregisteredIRAPassessormustbesubmittedtotheDepartmentforassessment.

Accreditation

ThirdPartySystemsmustbeaccreditedagainsttheISMwithinsixmonthsofenteringintoanagreementwiththeDepartment.

TheDepartmentwillmaintaintheaccreditationauthorityanddetermineifthe IRAPauditandassessmentiscompletedandacceptable.

AccreditedThirdPartyITProviders

ThefollowingprovidershavebeenaccreditedbytheDepartmentupto,andincluding,UNCLASSIFIED(DLM)aspertheAustralianGovernmentsecurityclassificationscheme.

BeSoftware—iinsightandiignitesystems
JNSolutions—BridgeandAnalyticssystems
MyWorkSearch–Aptemsystem(InterimApproval to Operate)
JobReady – Neptune system
SoNET – iCase system

TheDepartmentaccreditsselectsystemsnottheentireprovider.

Forfurtherdetails,pleasecontacttheDepartmentbyemailingthefollowingmailbox:.