RSM Australia’s Consumer Data Right (CDR) information security accreditation assurance and advisory experience is second to none. We have completed CDR information security audit reports for over 50% of the current Accredited Data Recipients (ADRs), including Frollo, Intuit, Adatree, Finder, Basiq, Zepto and TrueLayer.

RSM Australia assists ADR applicants with:

  • Access to our free CDR Information Security Accreditation Toolkit with examples from successful accreditations
  • ADR application advisory support based on seeing what has been accepted and not accepted by the ACCC
  • CDR Security by Design & Gap Assessment, to ensure the scope of the CDR data environment boundary is correct and you understand the information security requirements
  • CDR Pre-audit/Readiness Assessment to determine whether you are ready for accreditation




Image removed. Darren Booth           

E: [email protected]
T:+61 3 9286 8158

How can we help you?

  • Independent reasonable assurance audit report (ASAE 3150 or SOC 2) for the unrestricted ADR application
  • Assurance to a sponsor or principal that an affiliate or representative agent complies with the CDR information security requirements
  • CREST accredited Penetration Testing as per CDR Schedule 2 Part 2 - Vulnerability Management (optional)
  • CDR Control Assessment Program or ISO 27001 Lead Auditor internal audit (where we are not the independent assurance provider)

We have extensive experience in PCI DSS, ISO 27001, AWS, GCP and Azure, with team members holding PCI, ISO 27001, AWS Security Specialty and Azure Security Associate certifications, Certified Information Systems Auditor (CISA) and Certified Data Privacy Solutions Engineer (CDPSE). 

We have already provided assurance over all the complex areas in the CDR Rules, including: derived data, de-identification, third party providers, outsourced service providers, intermediaries, managed service providers, multi-cloud environments, complex group structures with multiple legal entities, overseas based applicants and leveraging of other security frameworks/certifications.

We are confident that our engagement will result in a cheaper total cost for your accreditation due to our knowledge of the Rules, our experience with different technologies and processes that can effectively demonstrate compliance, and our more efficient end-to-end accreditation process.

Our team provides an iterative and collaborative audit approach to ensure you obtain timely feedback to remediate control weaknesses and meet your project timelines.