Standard

DEWR Information Security Management Systems (ISMS) Scheme

Help service providers maintain a secure and trustworthy environment for handling sensitive information with DEWR (previously DESE) ISMS scheme.

DEWR Information Security Management Systems (ISMS) Scheme help you to safeguard sensitive information by enforcing secure handling and storage practices.

Demonstrate your commitment to information security and continuous improvement with ongoing monitoring and review of security practices to adapt to evolving threats and maintain compliance.

As a service provider, compliance to information security management systems with sufficient security measures in place and cyber security risks management is a contractual requirement. Certification for information security scheme meets the department’s criteria to safeguard confidential data stored outside department’s ICT environment and helps fulfil your contractual obligation.

Products & Services

Implement an ISO/IEC 27001 - Information security management system

Embed a deep understanding of ISO/IEC 27001 and give your team the skills to manage and audit your Information Security Management System (ISMS).

Get the Standard

Buy the BS EN ISO/IEC 27001 standard

Get your copy of BS EN ISO/IEC 27001 or subscribe to get all the standards you need.

Visit the shop

Training

ISO/IEC 27001 training courses

Equip your team with the skills and knowledge to implement an information security management system.

Find a course

Get Certified

ISO/IEC 27001 certification

Get independent assessment and gain certification for your information security management system.

Get started

Protect your organization's information by implementing the DEWR ISMS Scheme

Comply with DEWR Information Security Management Systems (ISMS) Scheme to address evolving information security risks and unlock new opportunities.

Demonstrates your commitment to protecting customer information and sustaining customer confidence.
Access to new market opportunities.
Monitor and manage risks.
Ensure regulatory and industry compliance.
Lower the likelihood of staff-related information security breaches.
Meet Right Fit for Risk (RFFR) contractual obligations.

Creating Impact

Helping you show your commitment to safeguarding customer information

Based on ISO 27001, ISM, and RFFR, the scheme protects people, processes, and IT infrastructure.

Get in touch

FAQs

Find answers to the most common questions about DEWR (previously DESE) Information Security Management Systems (ISMS) Scheme

Learn more about DEWR Information Security Management Systems (ISMS) Scheme

The RFFR is the DEWR’s risk-based approach to understand cyber security posture of the contracted providers. This program requirements is based on ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements (ISO/IEC 27001) standard and Australian Government Information Security Manual (ISM) framework to protect systems, data and cyber threats.
All providers are expected to ensure security controls that support core areas are identified and implemented to enhance security posture. The core expectation include personnel security, physical security and cyber security. The cyber security core expectation includes essential eight security strategies, risk management security monitoring, security incident management and access controls.
Category 1 providers are required to meet either ISO/IEC 27001 or DESE ISMS scheme. RFFR does not require to have both audits completed. For a category 2A provider self-assessment against ISO/IEC 27001 with applicable implemented controls need to be reviewed. For category 2B provider implementation of controls with specific security objectives needs to be self-assessed by the provider.
Contact us to learn the easy way to journey through our DESE ISMS scheme certification process from application to certification decision. Our client services team will walk you through the certification process step by step.

Get in touch
DEWR ISMS Scheme audit can be commenced within 6-8 weeks of application. However, the timeframes may vary based on provider requirements and their readiness to undertake an audit.
Certification demonstrates compliance with Right Fit for Risk (RFFR) requirements, your commitment to security sensitive data and enhance your information security governance.