Castle is a not-for-profit organisation, formed by members of the community, to support people with a disability in our community.
Since first opening its doors in 1991, Castle has helped people with disabilities, including mental health conditions, chronic illnesses and injuries, obtain and sustain employment, changing lives in a meaningful way as a leading organisation in the Newcastle, Hunter and Central Coast regions.
With over 170 staff in more than 10 locations, Castle delivers Disability Employment and NDIS services to over 2000 people locally, and its long-standing partnerships with local employers have an enormous positive impact on participants' lives and on local businesses.
Australian organisations face increasing scrutiny over how securely they handle their own business data and how they protect the safety and privacy of participant information. With workplaces relying on technology, systems, the internet and digital solutions for their daily operations, data security programs now set out how information collected by businesses should be used, retained, accessed and secured.
For providers of employment skills training and disability employment services like Castle, the Australian Federal Government, and more specifically the Department of Education, Skills and Employment (DESE), has developed the DESE Information Security Management Systems (ISMS) Scheme, also known as Right Fit For Risk. The Scheme sets out the requirements for organisations to handle the information entrusted to them securely, through the combination of people, policies, processes and technology.
The DESE ISMS Scheme
The Scheme is designed to ensure that the access to, storage, processing and communication of information related to operating and delivering employment services remain confidential and secure. It includes:
- The requirements of the international information security standard ISO/IEC 27001;
- Additional controls from the Australian Government Information Security Manual (ISM); and
- A risk-based framework, known as Right Fit For Risk (RFFR).
With compliance with the DESE ISMS Scheme becoming a standard requirement of the Department for the approval of funding for new tenders and for contract renewals, Castle faced a potential interruption to its operational growth.
To ensure it could continue to meet the contractual obligations linked to critical funding, Castle engaged Diamond IT's Business Technology Consulting team to initiate and support the DESE ISMS Scheme accreditation process.
“Continual improvement is something Castle values highly, both in our approach to information security and in the way we deliver services to our community. Engaging with a partner like Diamond IT, who could help navigate the complexities of the evolving risk controls, made us confident that the commencement of our RFFR journey, through readiness and planning, was in expert hands.” – Linda Martin, Manager of Governance, Risk & Ethics
The detailed preparation and coordination of Castle’s planned DESE ISMS Scheme activity began in 2021.
Diamond IT’s approach to supporting Castle with DESE ISMS Scheme compliance required a detailed gap analysis to establish Castle’s current security posture and compliance position. This analysis, titled the Readiness Project, was a critical step in gathering the information needed to make informed decisions about future planning activities and potential solutions.
No small task, the analysis phase of the DESE ISMS Scheme accreditation process required lengthy stakeholder consultation with each business department, balanced with technical scrutiny and evaluation.
With a view to also future-proofing Castle’s risk management strategies, Diamond IT’s Business Technology Consultants worked closely with key stakeholders to:
- Identify and define the scope of coverage.
- Coordinate and complete the Statement of Applicability, including the review of over 700 risk controls.
- Coordinate and complete the associated self-assessment report in preparation for submission.
Passing the first milestone
The domain expertise and lived experience Diamond IT brought to the partnership resulted in Castle achieving the first milestone of the DESE ISMS Scheme accreditation.
Once this milestone was reached, Diamond IT supported Castle in developing a clear and concise roadmap of the security remediation needed to maintain accreditation. The roadmap quantified the impact these remediation changes would have on the organisation and demonstrated to DESE a confident and transparent plan of continual improvement.
“Diamond IT’s in-depth knowledge of the accreditation process and ability to manage our stakeholders was a valuable driver in helping us reach milestones in the Scheme. The accreditation process is so much broader than just a technology focus, instead involving extensive consultation with our people and processes across the organisation.”
To find out more about the invaluable work Castle do to help people “embrace their otherness” and join the workforce, head to their website: www.castle.org.au