The department uses a network of contracted employment service providers (providers) to deliver its programs. To support this, providers access various departmental IT systems which also support programs administered by other Government departments. Providers may also develop their own systems or use accredited third party employment systems (TPES) developed by third party vendors.
Assurance of employment systems is required where:
- the TPES interacts with any of the department’s systems
- the TPES stores job seeker data where the vendor manages the system and retains access (eg they retain database administrator role)
- a provider has a deed with any government enterprise which stipulates the provider is to only use TPES accredited by the department.
Accreditation provides assurance that there are safeguards to protect program data and information.
Be Software products are not accredited by the department
Be Software's iignite product was previously accredited by the department in 2016. When it expired, Be Software have chosen not to maintain this accreditation. Accordingly, this website shows that iignite's accreditation has expired.
We note that Be Software are stating on their websites (such as besoftware.biz and iignite.biz) that their iignite product is still accredited. We would like to confirm that their accreditation has expired and this product must not be used in the delivery of employment services.
For providers – Use of an accredited third party employment system
Any provider choosing to use a TPES has a responsibility to ensure the system is secure before using it to process, store or communicate data relating to the delivery of Government programs.
Any intention to change an accredited TPES must be explicitly authorised by the department.
Accreditation is for the benefit of the department, and is not a warranty that a TPES is fit for its intended use or for a provider’s specific business processes.
To reduce provider costs, the department works directly with TPES vendors to assess and accredit their systems. This also makes it quicker and easier for providers wishing to change TPES. Alternatively, the department provides secure in-house IT systems that can be used as-is by providers to meet their obligations under their deeds.
What third party IT systems are accredited directly?
The department only accredits specific TPES, not specific vendors, and does not recommend the use of any particular TPES.
Systems are accredited for functionality at the date of accreditation. Any changes to system design or functionality with security implications require reaccreditation by the department.
To assist providers to understand which features have been accredited, the department will work with the TPES vendor to prepare an accreditation letter. This letter also details the responsibilities and security implications that providers need to address in their decision to use the TPES and securely implement it.
The current reaccreditation process began during October 2018, and expiry was extended to 30 June 2019.
The accreditation status of the TPES is outlined in the table below.
|Third Party Vendor||Accreditation Status||Accredited System||Notes||Accreditation Letter|
|SoNET Systems||Accredited||iCase||Note 1|
|JobReady||Accredited||JobReady Live||Note 2||JobReady Live Accreditation letter|
|Hivetec||Accredited||Bridge||Note 3||Hivetec Bridge Accreditation letter|
|Leading Directions||Provisional Plus||BuddyNote, Performance Reports||Note 5||Not currently available – please contact Securitycompliancesupport@dese.gov.au|
|JobReady||Expired||Neptune||Note 2||Expired 30 June 2020|
|KV Interactive||Expired||JDE-MAX||Note 4||Expired 30 June 2020|
|Be Software||Not Accredited||Iignite||-||-|
- Systems (with explicitly assessed functionality) accredited for use by providers.
- Review the accreditation letter to understand your responsibilities and security implications of using this TPES. The letter also details the features covered by the accreditation. Any feature not specified in the letter is not accredited. Your organisation would need to assess whether the vendor has adequate safeguards to protect program data and information yourself before you can use it.
- Use of accredited systems does not ensure a system is fit-for-purpose, suits business processes, or meets provider obligations to protect program data.
- The department will not endorse a move from an accredited TPES to another with less advanced accreditation.
Provisional Plus accreditation
- The department has limited assurance the TPES has safeguards to protect program data, and the department considers the risk to us is acceptable.
- Providers will generally be able to start using this TPES, subject to endorsement by the department.
- Systems which have already met specific requirements and are being actively assessed for reaccreditation.
- Provisionally accredited systems may be used by existing users only, limited to functionality already in use.
- New users or the use of increased functionality is not authorised.
Proposed TPES undergoing accreditation
The vendor has signed a deed with the department and have commenced the accreditation process. Please contact the vendor directly if your organisation wishes to use it in the future to ensure the features you want to use are covered within the scope.
|Proposed System||Deed Execution Date|
For third party employment system vendors
TPES handling information or data relating to programs delivered by the department must gain and maintain accreditation prior to use by our providers.
Vendors who are unsure whether their systems require accreditation should contact the Security Compliance Support mailbox with the following information:
- outline of the system and services offered
- how the system will assist providers to deliver our programs, and which programs are proposed
- an overview of the system design and access, such as high level architecture, data centre locations, access, authentication, administrative staff locations
- how the system is intended to inter-operate with the department’s system, such as daily bulk download and upload of data, real-time via APIs
- the scope of any existing IT security certifications or accreditations maintained
- the providers considering your system.