Darwin Skills Development Scheme (DSDS) are a not-for-profit organisation that provides training, information facilities and support to people with disabilities who are looking for work. DSDS also supports businesses to hire staff with disabilities by directing them to people that are a good fit for the role and assisting them with business and location alterations to accommodate the individual’s needs.
DSDS is funded through federally sourced programs and grants. Recently, the federal department mandated compliance to both the industry security standard ISO 27001 and the federal government’s security standard ISM. Compliance to these standards is complex, but DSDS needed this so that they could continue to receive the critical program funding that enables them to operate.
Implementing complex security standards within a tight timeframe
Compliance to the federal government’s security standards is complex and challenging for large companies to attain but it’s especially challenging for smaller companies that don’t have large budgets to make the required changes. On top of this, DSDS was working to an extremely tight timeframe
This type of project often requires a year to implement and includes staff from business management, IT management, technical personnel and business analysts. DSDS had a deadline of 2 months to ensure they were compliant for Government Funding.
“We’ve had a long-standing relationship with Area9 and, after exploring our options with different organisations, their team was a standout above the other choices. They had the experience and skills to assist us with implementing these standards in a quick and efficient manner.”
Stephanie Ransome, Chief Executive Officer – Darwin Skills Development Scheme
A collaborative, quick and compliant solution
Since we didn’t have a lot of time to implement this complex project, our team hit the ground running, working closely with DSDS to make sure every box was ticked.
“Throughout the entire process, there was a lot of open and honest communication about where DSDS was at, what we needed, what we could achieve now and what we could do in the future.”
The project included 4 main steps:
- Area9 reviewed the material provided to DSDS and explained it to their team in a way that was easy to understand.
- We carried out a gap analysis on their IT infrastructure, business processes and physical locations to determine the scope of work required to meet the compliance requirements.
- We then helped DSDS to document the existing environments and build a report for the federal government that described the applicable scope of the standard in relation to DSDS, the gaps present and a plan to close those gaps.
- We worked closely with DSDS to close gaps such as technical infrastructure and configuration, changes to processes and practices in the company, updates to policies and risk management processes and implementation of physical controls (such as restricting access to locations, and signage).
When implementing ISO standards, it’s always worthwhile seeking professional assistance. By having someone interpret the standard and how it applies to your company, you’ll save implementation costs by either reducing the scope of the standard, right-sizing the extent to which controls are applied to meet the outcomes needed. You can also save the company from repeating mistakes that others have already made.
“Area9 were great at helping me to understand what was actually required and then giving me the tools to be able to assess our organisation’s cybersecurity and the different requirements that the government wanted from us.”
Charging into the future
Through Area9’s work, DSDS has met compliance standards so that they can continue receiving critical program funding.
“We were able to get our documentation in on time which means we could meet that part of our contract despite the tight deadlines. The project really grew the relationship between Darwin Skills Development Scheme and Area9 by taking the trust to the next level. This has opened up new opportunities to work together in the future because we know we can count on their team.”
Along the way, our team also helped empower the DSDS team with the knowledge they need to keep their organisation secure from cyber attacks.
“Their team was great at teaching us and opening our eyes to cybersecurity. Their approach made me feel a lot more confident about asking questions and understanding how to get more bang for our buck when it comes to IT improvements.”
Stephanie Ransome, Chief Executive Officer – Darwin Skills Development Scheme