National Information Security Compliance Framework (NISCF)
The National Information Security Compliance Framework (NISCF) structures our approach to aligning ICT programs, systems and services with good practice for protecting digital infrastructure and data. It supports alignment with our laws and regulations by providing a means, through certification, to evidence compliance with the standards of our National Information Assurance Framework (NIAF).
The National Information Security Compliance Framework helps to support the achievement of our National Cyber Security Strategy; it complements our National Information Assurance Framework (including wider applicable information security legislation, regulation and standards) to establish a safe and vibrant cyberspace.
Compliance is a continual process and one that relies on open relationships between the Accreditation Body, Certification Body, Service Providers, and, Customers. It requires establishing a cycle of verification and validation to assure the on-going quality of services and to remediate any changes that may impact upon those services.
Accreditation is the formal recognition that an organization is competent to perform specific services, activities or tasks in a consistent, reliable and precise manner. It must be performed impartially, and the process must remain objective, transparent and consistent to ensure reliability and trustworthiness.
For Service Providers
For Service Providers, accreditation is a beneficial pursuit. It gives Service Providers authorization to perform controlled services within the Government Sector, providing a competitive advantage and opportunity to further promote Service Provider Services.
Aside from differentiating a Service Provider’s service offering (and enabling access to controlled markets), accreditation can provide confidence to the private sector and Critical Sector Organizations concerning the quality of services. This supports Services Providers in developing new business relationships, maintaining existing business relationships and provides a mechanism to further promote service offerings.
Accreditation also has the added economic benefit of promoting competition within the marketplace and provides greater access to opportunities for small and medium-sized businesses.
For Government Agencies, Critical Sector Organizations and Private Sector Businesses
Accreditation is increasingly being recognized as a valuable tool by which to establish a measure of quality which has the added benefit of helping to establish confidence in services and Service Providers. Accreditation for audit services is issued to Service Providers to showcase capability in the performance of independent assessments against international and national standards, at both the business and individually, preserving the integrity of the certifications and ultimately the international or national standards themselves.
Through accreditation Government Agencies and other businesses may confidently outsource specific activities or functions that may only be required on a limited basis or may over-extend the capabilities or responsibilities of existing business functions.
The Compliance and Data Protection (CDP) department has established, consistent transparent and repeatable processes and procedures to support the accreditation of Service Providers for specific Service Areas, including:
- Audit Services