The Right Fit For Risk (RFFR) Statement of Applicability (SoA) is a critical document for providers working toward or maintaining accreditation. The Department of Employment and Workplace Relations’ current SoA template is mandatory for RFFR accreditation and is updated quarterly to align with the latest Information Security Manual (ISM). That means organisations using an older SoA often need to map their existing control set, rewrite entries and ensure all new fields are properly completed before their next submission or surveillance activity.
Forde Consulting can take the pain out of that process with a practical, cost-effective conversion service. We review your existing RFFR SoA, map legacy responses into the latest template, identify gaps created by updated requirements, and restructure the document so it is submission ready without forcing you to start again from scratch. This saves time, reduces internal effort and helps ensure your team is working from the current required format.
Where new SoA requirements need fresh responses, Forde Consulting can also help develop clear, defensible control statements and supporting content tailored to your environment. Beyond documentation, we provide implementation support to help you meet many RFFR and ISM-aligned controls using Microsoft 365, including identity and access management, secure configuration, device management, information protection, audit logging and policy enforcement. This gives clients a single partner who can assist with both the paperwork and the practical security outcomes.
If your organisation is still working from an older RFFR SoA, now is the time to update it before the next review cycle. Forde Consulting helps make that transition faster, simpler and more affordable—while also strengthening the Microsoft 365 controls that sit behind your compliance obligations.