The Challenge
Alliance Works underwent a security assessment for their M365 environment by the Department of Education and Workplace Relationships (DEWR) against the Right Fit For Risk (RFFR) framework. They were classified with CAT 2A obligations and given a short, high-stakes deadline to implement the required security controls.
Alliance Works was under immense pressure to achieve compliance without disrupting their operations. They needed an expert partner who could navigate the complex RFFR requirements and liaise with the department effectively.
The Solution: A Proactive, End-to-End Security Overhaul
Cyber Assured immediately engaged with Alliance Works to provide a comprehensive, managed RFFR service. Our approach was not just about ticking boxes; it was a complete redesign of their security posture and implementation from the ground up to address their RFFR obligations and business needs.
Our multi-faceted solution involved:
- Delivery of RFFR Documentations:
- RFFR Scope Document
- Implementation of Essential Eight (E8) Maturity Level 2 (ML2) technical security controls as a minimum
- Delivery of ISMS Statement of Applicability (SoA) - Assess and implement applicable security controls based on department‑provided SoA template.
- Delivery of ISMS Self-assessment report (Conformance and Implementation)
- Complete Security Redesign: We conducted a thorough gap analysis and re-engineered their entire security posture from the ground up, ensuring every aspect was purpose-built to meet and exceed RFFR CAT 2A requirements.
- Department Liaison: We acted as the primary technical intermediary, communicating with DEWR on behalf-of provider to ensure our proposed designs and implementation plans were fully aligned with their expectations, streamlining the approval process.
- End-to-End Implementation: Our team managed the full project lifecycle, from initial design and documentation to the complete technical implementation of all required security controls.
- Managed RFFR Service: Alliance Works was onboarded to our flagship Managed RFFR Service. This provides them RFFR lifecycle management (including Annual Mainainance AM-1,2 and Re-accreditation), and ongoing expert IT support, ensuring they remain compliant in the long term.
Client Testimonial
"Cyber Assured came in at a time when we were under immense pressure to meet government compliance requirements. Their team not only understood the urgency but also delivered a tailored solution that aligned perfectly with our business needs and RFFR obligations. The collaboration with DEWR was seamless, and the outcome exceeded our expectations. We now have a security posture that is not only compliant but also recognized as a benchmark by the department. Cyber Assured has become a trusted partner in our ongoing managed Security & IT support and compliance journey."
Operations Manager, Alliance Works
The Results
The partnership with Cyber Assured turned a potential disaster into a resounding success for Alliance Works.
- Contract Secured: They met full RFFR compliance within the tight deadline, securing their valuable government contract.
- Exemplar Status: DEWR was so impressed with the new security posture that they now hold up the Alliance Works environment as a benchmark example for other service providers in a similar category.
- Ongoing Peace of Mind: With Cyber Assured's managed services, Alliance Works now operates with a robust, compliant, and fully supported security framework, allowing them to focus on their core business.
- Ongoing Partnership: Cyber Assured continues to provide proactive support, ensuring Alliance Works not only maintains compliance but also stays ahead of evolving cyber threats.
- Operational Efficiency Cost-Effective Outsourcing: By fully leveraging Cyber Assured’s managed services, Alliance Works was able to eliminate the need for internal, permanent IT staff. This transition converted the high, fixed costs of in-house personnel (salaries, training, benefits) into a predictable, lower, operational expenditure (OpEx) for expert.
