Australian National Audit Office 2018, ‘Australian Electoral Commission’s Procurement of Services for the Conduct of the 2016 Federal Election’, The Auditor-General Audit Report No. 25 2017-18 Performance Audit, Canberra.
1. Were IT security risks assessed and treated prior to operation?(p.41)
– variation excluded the ICT supplier from complying with the ISM and undertaking an IRAP assessment
– Stage 1 audit report indicated a high level of ISM non-compliance (107 ISM controls not implemented) and there was no documentation justifying the non-compliance
-APPROXIMATE LENGTH 2 PAGES