The Policy includes the requirement to have an Information Security Management System that takes into account a minimum set of controls, and requirements relating to certification, attestation and maturity progress reporting.

All NSW Public Service Agencies and Shared Service Providers must comply with the policy and is recommended for adoption in State Owned Corporations, as well as local councils and universities.

The Policy aims to ensure that the following objectives are achieved by the NSW Government:

• Confidentiality – to uphold authorised restrictions on access to and disclosure of information including personal or proprietary information.

• Integrity – to protect information against unauthorised alteration or destruction and prevent successful challenges to its authenticity.

• Availability – to provide authorised users with timely and reliable access to information and services.

• Compliance – to comply with relevant legislation, regulations, Cabinet Conventions, policies and contractual obligations requiring information to be available, safeguarded or lawfully used.

• Assurance – to provide assurance to NSW Parliament and the people of NSW that information held by the Government is appropriately protected and handled.

The date of implementation for this Policy and its requirements is 1 July 2015. As a result, attestation templates from version 1 of this Policy may be used for 2014-15 reporting only.

The NSW Government Information Security Community of Practice is available for support and guidance and to share its experience with implementation of this Policy.