An Explanation Of Your Results
Red Rhombus has collated responses from real-world Defence audits along with information found in the Australian Government Information Security Manual to indicate your organisation’s cybersecurity preparedness to provide products or services to Defence and other government organisations.
The results from this self-assessment are intended as an indication only and should be reviewed with your IT security provider and assigned Defence Prime Subcontracts Manager.
The questions are grouped into three key sections:
- Govern: Identifying and managing security risks.
- Protect: Implementing security controls to reduce security risks.
- Detect & Respond: Detecting, responding to, and recovering from cybersecurity incidents.
There are three possible grades for each section:
If you received a fail score on any of the sections, your organisation will be assessed as not suitable to provide services or products to Defence or Defence Primes. A detailed analysis of your results and IT systems is required to implement mitigation strategies to meet or exceed the requirements.
If you received a marginal score on any of the sections, your organisation may be assessed as not suitable to provide services or products to Defence or Defence Primes. A detailed analysis of your results and systems should be undertaken to ensure you meet the requirements.
If you received a pass score for all of the key sections, your organisation will likely be assessed as suitable to provide services or products to Defence or Defence Primes. A detailed analysis of your results and systems should be undertaken to ensure you meet the requirements. To streamline your application, you should consider making an application for Defence Industry Security Program (DISP) membership.
Suggestions from our experience
Here are some of our tips:
- If you answered a) to any question in the self-assessment, you will be assessed as NOT suitable.
- If you answered b) to all questions in a section in the self-assessment, you will be assessed as NOT suitable.
- If you do not meet at least Maturity Level One for all Mitigation Strategies in the Essential Eight Maturity Model, you will be assessed as NOT suitable.
- From our experience, it is better to pass the audit first time than to fail, implement mitigation strategies and then reassess.
- Security Audits from Defence Primes are assessed on a sliding scale. This means that companies with more robust cybersecurity standings are given more weight in consideration for subcontracts.