From 1 February 2019, the Digital Information Security Policy will be replaced by the NSW Cyber Security Policy.
All NSW Public Service Agencies must comply with the Policy and it is recommended for adoption in State Owned Corporations, as well as local councils and universities.
New mandatory requirements include:
The Policy includes a requirement for Agencies to provide a cyber security attestation in their annual reports.
Exemptions to any part of this Policy may be sought by Agency heads and sent to the Government Chief Information Security Officer for consideration, prior to Government Chief Information and Digital Officer approval.
The date of adoption for this Policy and its requirements is 1 February 2019, with reporting for the 2018/19 financial year due on 31 August 2019.
The NSW Government Chief Information Security Officer is available for support and guidance regarding implementation of this Policy.