Australian ICT security accreditation scheme mooted

In a request for tender document (RFT) released this week, the Department of Communications, Information Technology and the Arts (DCITA) said: "There is currently no widely accepted or consistent framework for e-security qualifications and skills recognition in the Australian marketplace," and pointed out that the need is currently only filled by a number of vendor-specific and international IT security qualifications.

According to DCITA, however, these existing qualifications are not good enough. "The Department has been approached by a number of industry associations and industry representatives calling for the development of a qualification that is tailored to the specific needs of the Australian marketplace," said the RFT. This sort of qualification "would improve IT consumer choice and enhance overall industry standards."

The first step towards a national IT security qualification, said the document, was to look at what was currently in the marketplace and produce a 'state of play' report. Such a report would also include "an analysis on the range of views on the need for an Australian IT security skills accreditation/certification scheme".

Whichever organisation wins the contract to produce this report for DCITA will then present its findings to interested stakeholders from both industry and government, at a one day workshop to be held on 15 June this year in Sydney. This workshop will "canvass the issues raised and seek a clear direction from participants as to a way forward".

After this meeting takes place, the second and more intensive stage of the contract begins. The consultant will "conduct further extensive consultations with interested players/stakeholders with the aim of arriving at an agreed approach to IT security skills accreditation/certification in the Australian setting."

Crucially, the report to DCITA on this second stage of the contract will "summarise industry views on the way forward", including commentary on the issue of whether or not there is actual agreement on the marketplace's need for an Australian IT security qualification. The report will then set out "possible governance arrangements for the management of an IT security accreditation/certification scheme".

However much control the department may want over the entire process, it remains clear that DCITA believes that any national IT security qualification scheme should be "industry driven, run and funded". The department even specified that industry players interested in attending the one-day workshop in Sydney will need to find their own way there, saying: "It is not envisaged that fares assistance will be provided to any workshop participants."

The closing date for tenders to be submitted to the department is the 7th of April this year, with the Stage 1 report due out by 31 May. Those interested in attending the one-day workshop on the report should mark down 15 June in their diaries, with the final Stage 2 report due to be published one month later in mid-July. DCITA estimates that the total cost of the consultancy services it is requesting should not exceed AU$95,000.