Australian Government Australian Skills Quality Authority


Vulnerability Disclosure Statement

This statement gives a person a point of contact to directly submit their findings if they believe they have found a potential security vulnerability within digital systems operated by ASQA.

About our Vulnerability Disclosure Policy

Digital system security is important to us. Our security approach strives to keep these systems secure; however, there may be vulnerabilities which have not been discovered.

As such, it is important for us to have this mechanism in place to make reporting a security vulnerability quick and easy. Once a security vulnerability has been disclosed, it can provide us with the information required to shape appropriate mitigation steps and help us understand and address the risk that security vulnerability may pose to our staff and end users of our digital systems.

To assist us in maintaining secure systems, we encourage the community to engage with us. To enable this collaboration, we have implemented a digital systems vulnerability disclosure policy to allow the community to share findings with us.

What the Vulnerability Disclosure Policy covers

The policy covers:

  • any product or service operated by ASQA to which the person has lawful access
  • any third-party-owned services used by ASQA to which the person has lawful access.

What the policy does not cover:

  • clickjacking
  • social engineering or phishing
  • weak or insecure SSL ciphers and certificates
  • denial of service (DoS or DDoS) attacks
  • posting, transmitting, uploading, linking to, or sending any malware
  • physical attacks
  • attempts to modify or destroy data
  • attempts to extract or exfiltrate sensitive data.

This policy does not authorise individuals or groups to undertake hacking or penetration testing against ASQA digital systems. This policy does not cover any other action that is unlawful or contrary to legally enforceable terms and conditions for using a product or service.

How to report a digital systems vulnerability

If you have identified a vulnerability with our digital systems, please report it to us as quickly as possible via email, including enough detail so we can reproduce your steps.

As an Australian Government agency, we are unable to compensate you for the discovery of a vulnerability or confirming a vulnerability.

Our policy does not authorise security testing to be conducted against ASQA. If you believe there is a vulnerability, please report it to us so we can test and verify.

If you report a vulnerability under this policy, we request you keep it confidential and not make your research public until we have finished investigating and fixed or mitigated the vulnerability. 

To report a suspected vulnerability in our digital systems please contact: VulnerabilityDisclosure@asqa.gov.au

Please provide as much detail as possible, including:

  • details of the potential vulnerability
  • the product/service which may be impacted
  • your contact details.

Your information will be considered confidential and handled according to our privacy policy. 

What happens next

We will:

  • respond to your report within 5 business days
  • keep you informed of our progress
  • agree upon a date for public disclosure
  • with your consent, credit you as the person who discovered the vulnerability.

People who have disclosed digital systems vulnerabilities to us

Below are names or aliases of people who have identified and disclosed vulnerabilities to us:  
(Note: the names and aliases of the people listed consented to their name or alias being published) 

  • none recorded at this time 
The Australian Skills Quality Authority acknowledges the traditional owners and custodians of country throughout Australia and acknowledges their continuing connection to land, sea and community. We pay our respects to the people, the cultures and the elders past, present and emerging.