The Digital Information Security Policy establishes the digital information security requirements for the NSW public sector, including the requirement to have an Information Security Management System (ISMS) that takes into account a minimum set of controls, and requirements relating to certification, attestation and the establishment of the Digital Information Security Community of Practice.

The Policy applies to all NSW Government Departments, Statutory Bodies and Shared Service Providers. In accordance with Premier's Memorandum M1999-19 Applicability of Memoranda and Circulars to State Owned Corporations, the Policy does not apply to State Owned Corporations; however, it is recommended for adoption.

The Policy aims to ensure that the following digital information and digital information systems security objectives are achieved by the NSW Government:

• Confidentiality – to uphold authorised restrictions on access to and disclosure of information including personal or proprietary information.
• Integrity – to protect information against unauthorised alteration or destruction and prevent successful challenges to its authenticity.
• Availability – to provide authorised users with timely and reliable access to information and services.
• Compliance – to comply with all applicable legislation, regulations, Cabinet Conventions, policies and contractual obligations requiring information to be available, safeguarded or lawfully used.
• Assurance – to provide assurance to Parliament and the people of NSW that information held by the Government is appropriately protected and handled.

Barry O'Farrell MP
Premier