Instead of testing against the Australian government’s Information Security Manual, vendors sign a form saying they are compliant.
Article Link: https://www.zdnet.com/article/third-party-minimum-cyber-compliance-for-my-health-record-skipped-audit-office/#ftag=RSSbaffb68