The requirements with which ELNOs have to report on and/or demonstrate compliance with in their Annual Report to the Registrar, as set out under Categories Two and Three of Schedule 5 of the Model Operating Requirements and the respective Operating Requirements in each State and Territory, include the provision of certifications.
Three types of written certification are required to demonstrate compliance.
Self-Certifications by an ELNO demonstrate continuing compliance when there has been a change in the ELNO’s operations or means of assuring compliance since the previous Annual Report.
No Change Certifications by an ELNO demonstrate continuing compliance by virtue of the ELNO’s operations or compliance assurance arrangements remaining unchanged or of no relevant event having occurred since the ELNO’s last Self-Certification of compliance with the requirement.
Independent Certifications by an independent expert, appointed by an ELNO with the approval of the Registrar, of the ELNO’s compliance with a particular requirement.
Independent Certifications are required prior to commencing operations and annually thereafter of an ELNO’s:
- Information Security Management System
- Risk Management Framework
- Business Continuity and Disaster Recovery Management Program.
The adequacy of certifications is assessed as part of ARNECC’s Annual Reviews of an ELNO’s compliance.
ARNECC, on behalf of the Registrars in each State and Territory, can also require an ELNO to demonstrate its compliance with a requirement in the Operating Requirements at any time by providing a certification.