When it comes to personnel and IT, it’s a high-risk environment right now.

  • 9 in 10 data breaches involve trusted insiders – mainly due to negligence
  • 1 in 5 data breaches are caused by malicious employees
  • 1 in 5 lie on their job resumes
  • 1 in 5 had misrepresented their qualifications
  • 3 in 5 who have criminal convictions failed to admit them, even when asked during a hiring interview
  • 1 in 5 applicants are unsuitable to hold a TSPV national security clearance
  • 1 in 4 applicants assessed as ‘not qualified’ in pre-employment integrity tests (sample size 15,000 candidates)
  • 1 in 4 applicants admit that their behaviour would be considered as “high risk” to their employers.

The consequences?

  1. Hiring the wrong person can cost businesses between 30 per cent and 200 per cent of a person’s annual salary.
  2. The Privacy Commissioner will be fining organisations $1,800,000 for Data Breaches.
  3. Data Breaches are averaging between $100,000-$200,000 per incident.

The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) services to government in support of Australia’s security. IRAP services include providing advice for, and assessments of, gateways, specialised government network connections, government systems, system documentation, and risk mitigation.

We can assist IRAP Assessors to provide risk mitigation advice to clients about moving personnel through to security cleared positions. The Cleard.life qualification allows the employer to anticipate an official outcome of a specific level of security clearance before the “e-Pack” is submitted. It is a sort of “dress rehearsal”, which means it is not a short-cut to the official process. But it provides solid business information that allows the employer to make an informed decision about which of their personnel should be on the IT project … without wasting precious time (waiting for ‘unsuitable’ applicants to get through the backlogged vetting ecosystem) and money (some clearances cost around $10,000 each).

The ASD recommends seeking at least three quotes when engaging an IRAP Assessor. Note that ASD does not recommend specific IRAP Assessors or Cleard.life, nor does it assist in selecting an IRAP Assessor for a particular task. The ASD also recommends not restricting engagement to those IRAP Assessors geographically located closest to you.

Ask your IRAP Assessor about risk mitigation methods that reduce your “security clearance” risks. Some IRAP Assessors are unfamiliar with our service, so let them know and ask them to get in touch with us.
 
Here is a recent case:
 
The $220 million contract required Telstra to submit a data protection plan within 40 days of signing it; a privacy policy or security risk management plan be submitted; that a deed of confidentiality and privacy be signed with subcontractors; and that Telstra staff with direct access to the register have appropriate security clearance.

And a list detailing security clearances for Telstra staff with access to the register is “incomplete”, the auditor reported.

An independent IRAP (ASD’s information security registered assessors program) assessment will be undertaken before the register goes live, it said, and it already has “processes and controls” in place to restrict access to sensitive information.

https://www.itnews.com.au/news/australias-telstra-run-cancer-register-has-no-security-privacy-plan-466951

You may also find these articles interesting:
Manage your Third-Party Risks. Read more here.
Recruitment Agency: Improve your value proposition and your recommendations. Read more here and here.
Existing Employees: Vet them to know if they can move into a (higher) national security designation position (SECRET, TOP SECRET, TSPV). Read more here.