The Business Centre | A Journey Towards Information Security Accreditation

Introducing The Business Centre

The Business Centre is a community-invested organisation that has been responding to the needs of entrepreneurs, businesses, and governments for more than 36 years. They are a not-for-profit with the sole purpose of creating sustainability; in jobs, businesses, urban and rural economies.

Their strength has been built on their ability to develop long-term relationships, listen and respond to their community while adapting to a continually changing business environment. They deliver experience-led advice, mentoring, education, and connections to achieve customer and community goals

The Situation 

Through the likes of State and Federal Government programs, The Business Centre and its associated entities have previously received funding that enabled them to provide training and services to their community.

The New Employment Incentives Scheme (NEIS) is one such program offered by DESE that allows The Business Centre to help individuals turn their business idea into viable businesses through free accredited small business training, business plan development, business mentoring, and, where eligible, financial allowances.

However, from July 1, 2022, the NEIS program is due to be replaced by the Self-Employment Assistance Program 2022–27, a more progressive version of the current NEIS program.

What is the Self-Employment Assistance Program?

The Self-Employment Assistance (SEA) program provides organisations like The Business Centre with the necessary funding required to deliver value add advice, education and support packages to current and aspiring business owners in regional areas.

Through this program, The Business Centre is able to customise mentoring sessions, education courses, and delivery methods, in order to best support the individual needs of each small business.

As part of the tender requirements to receive SEA program funding, providers will be required to demonstrate their compliance with the DESE Information Security Management Systems (ISMS) Scheme.

The DESE ISMS Scheme

The DESE ISMS Scheme aims to bring People, Processes, and Technology together to ensure the interaction between an organisation and the information entrusted to it, is handled securely.

Designed to ensure the storage, processing, and communication of information related to delivering employment services remains confidential and secure, the Scheme includes:

• Global security standard requirements (known as ISO 27001);
• Additional controls from the Australian Government Information Security Manual (ISM); and
• A risk-based framework, known as Right Fit For Risk (RFFR).

You can find out more about the requirements of the DESE ISMS Scheme here.

To ensure The Business Centre was able to tender for such critical funding and support offerings for their clients through the SEA, they engaged Diamond IT’s Business Technology Consulting team to initiate and support them towards the DESE ISMS Scheme accreditation.

“Programs such as the SEA allow us to provide invaluable advice, education, and training to our regional community and their businesses. With the new requirements to demonstrate compliance toward the DESE ISMS Scheme, we knew we needed help from the experts.” – Steve Wait, CEO 

The Solution 

Diamond IT’s approach to supporting The Business Centre toward DESE ISMS Scheme compliance, required the undertaking and completion of a detailed gap analysis to demonstrate their current security posture and compliance position.

This analysis was a critical step in uncovering the information required to make an informed decision for future solutions and planning activities.

The analysis phase of the DESE ISMS Scheme accreditation process required lengthy stakeholder consultation from each business department to be balanced with technical scrutiny and evaluation.

Diamond IT’s Business Technology Consultants worked closely with key stakeholders to:

• Identify and define the scope of coverage.
• Coordinate and complete the Statement of Applicability, including the review of over 700 risk controls.
• Coordinate and complete the associated self-assessment report in preparation for submission.

Passing the M2 gateway

Diamond IT worked closely with The Business Centre to successfully submit the above required documents in December 2021, successfully passing what is known as the M2 gateway of the DESE ISMS Scheme accreditation in January 2022.

“Preparing our submission for the DESE ISMS Scheme was no small feat. Diamond IT’s ability to educate our stakeholders about the process and translate each requirement into an achievable action was invaluable. We greatly appreciate Diamond IT’s expertise and efforts and look forward to our continued partnership.”  – Angela Dowdell, Operations Manager

To find out more about the invaluable work The Business Centre does to create sustainable economies and resilient communities, head to their website: https://www.businesscentre.com.au/