Back to Cyber Security

Right-Fit-for-Risk (RFFR)

Ensuring proportional and effective security for Australian Government suppliers.

What is RFFR?

The Right-Fit-for-Risk (RFFR) approach is an Australian Government cyber security standard, driven by the Department of Employment and Workplace Relations (DEWR). It is designed to ensure that providers handling government information apply security measures that are proportional to the risks and the sensitivity of the data they manage.

Instead of a one-size-fits-all approach, RFFR acknowledges that different providers have different risk profiles. The goal is to implement robust security that is effective and appropriate, without overburdening organisations with unnecessary controls. Achieving RFFR accreditation is essential for any business providing services to DEWR and other government departments.

Key Principles of RFFR

  • Proportional Security: Controls are based on the sensitivity and classification of the data being handled.
  • Risk-Based Approach: Focuses on identifying and mitigating the most significant security risks to government information.
  • Clear Assurance Levels: Defines specific requirements that providers must meet to gain accreditation.
  • Continuous Improvement: Encourages an ongoing process of security assessment and enhancement.

How We Guide You to RFFR Accreditation

The RFFR accreditation process requires a detailed understanding of government security requirements. Portal Technology is a leader in the Territory for guiding businesses through this process.

  • Scope and Risk Profiling: We help you understand your obligations and the specific risk profile of the services you provide.
  • Gap Analysis: We meticulously assess your existing security controls against the RFFR requirements to identify any deficiencies.
  • Security Control Implementation: We provide expert assistance to implement the necessary technical and procedural controls to meet the standard.
  • Accreditation Support: We help prepare your IT Security Plan and all supporting evidence required for your DEWR accreditation submission.
  • Ongoing Compliance: We offer managed services to ensure your security measures remain effective and that you are prepared for periodic reviews.