ISO 27001 and Right Fit for Risk

Targeted support to achieve ISO 27001 certification for RFFR

With the Federal Government’s Right Fit for Risk (RFFR) initiative, providers of employment skills, training and disability employment services will be required to hold ISO 27001 certification to ensure government-owned data is safely held on provider systems.

No matter where you are on your RFFR journey, Vital Advisory can assist with achieving your certification goal and building enduring cyber security capabilities.

Vital Advisory work with you to achieve ISO 27001 on time, with real security benefits

Regardless of where you are in your ISO 27001 – Right Fit for Risk project, Vital Advisory can help you build a structured and comprehensive Information Security Management System which addresses your key risks:

  • Identify and understand your full business and security context
  • Identify the risks which pose a genuine threat to your objectives
  • Select the right suite of procedural and technical controls for data protection
  • Prepare your Statement of Applicability (SoA)
  • Build lasting effectiveness of your ISMS with the correct monitoring and review processes
  • Achieve ISO 27001 certification compliance

Our approach is not centred on box-ticking, but on achieving the benefits and opportunities which ISO 27001 can bring. Expert review of your security and governance practices is key to making these benefits real.

Vital Advisory work with you to bring your RFFR ISMS accreditation in on time, with real security benefits

Risk and Security Experts

Our experts have decades of experience in implementing ISO 27001 for organisations of all sizes.

Outcomes Focused

We work with you to identify the right balance between risk and opportunity, as well as conformance and performance improvement.

End-to-End Support

Regardless of where you are with your RFFR project, we can provide tailored support to achieve your security and compliance objectives.

Documentation Strategy

Our unique approach to documentation produces a management system which is easy to understand and maintain.

To learn more about how Vital Advisory can help with your RFFR ISMS project, please see our

Assistance Packages

Select from the following assistance packages. Fixed-pricing options are available for most packages. If you require assistance based around your organisational role, see our Function Packages further down the page.

Capabilities and Gap Analysis

We work with your technology and business process staff to identify the strengths and weaknesses in your information security implementation and how they map to your RFFR ISMS goals and compliance requirements.

Security Awareness

To ensure that the goals of the ISMS (and broader Information Security) are instilled into your organisation, we run awareness workshops and campaigns with your technology and business staff to enable the necessary organisational change to maintain your RFFR ISMS and make the changes stick.

Experienced. Trusted. Pragmatic.

Contact us to discuss how we can help your team achieve their role in your RFFR ISMS implementation.

Organisational Function Packages

If you need information security assistance for your organisational division, select from the following function packages. Fixed-pricing options are available for most packages.


We help your IT division to correctly identify the full range of information assets they support. We assist you with understanding the complete risk landscape IT faces and how to find the right mix of technical and procedural solutions to address data threats. We document your cyber security risk register with a realistic snapshot of where information security in IT currently is, and what it will realistically accomplish within the accreditation timeframes.

Project Management

We work with your Project Management team to understand the requirements of the ISMS. We help identify project milestones, develop communication strategies, and prioritise your implementation efforts to ensure your RFFR ISMS accreditation is comprehensive and achieved on time.

It’s not about the documents produced.
It is about the journey we both take to make every effort count.

Whole of Enterprise Approach

Security is only effective when it embraces the totality of an organisation’s activities.

We don’t focus on technology-based solutions – we develop organisational capabilities to address genuine security challenges.

Vital Advisory work in partnership with your business to build a complete understanding of your security requirements, capabilities and the change needed to accomplish your security goals.

Our methodology for a typical engagement takes clients through four stages:


Understand the Business

Firstly, we build a detailed understanding of your business: strategic goals; business unit functions; information assets under management; key systems and services; stakeholders; compliance obligations; and more.


Understand the Risks

With a clear analysis of your business in place, we leverage this to identify information security risks you face, who has responsibility, and what impacts may befall your business goals. This creates a prioritised understanding of risk and where security capability improvements can protect your interests.


Build Your Security Strategy

We develop the Information Security Management System to uplift your security processes. Through use of our unique “One Page” documentation approach, we ensure security methods and requirements are easily understood and adopted by business teams to become an active part of your BAU.


Put Security Practice into Operation

Ongoing security improvement underpins successful business. We put in place the elements to make security a core component of business operations, which strengthen over time. These include all the lifecycle elements of an effective Information Security Management System.

By applying these four strategies, we ensure that the totality of your information security requirements is identified, addressed, and managed efficiently. Security aligns with your core business goals and becomes a tool to win new business, not remain a cost and complexity burden.

Talk with a security adviser to find out how to reach your security objectives: call us on +61 420 978 258.


If you’d like to discuss how Vital Advisory can assist you with achieving your Technology Risk Management goals, please contact us on +61 420 978 258.