Generated Dec 14, 2019, 12:42 AM

Page of

OFS-2015-05-NSW Government Digital Information Security Policy

Generated Dec 14, 2019, 12:42 AM

Identifier: OFS-2015-05
Status: Archived
Title: OFS-2015-05-NSW Government Digital Information Security Policy
Author: Office of Finance and Services

Generated Dec 14, 2019, 12:42 AM

Page of

Premier

Type:
Premier's Memorandum
Identifier:
OFS-2015-05
Status:
Archived

OFS-2015-05-NSW Government Digital Information Security Policy

Description

The Digital Information Security Policy establishes the digital information security requirements for the NSW public sector.

Function and Subject

Information Management

Reporting

Information and Communications Technology

Security

Detailed Outline

The Policy includes the requirement to have an Information Security Management System that takes into account a minimum set of controls, and requirements relating to certification, attestation and maturity progress reporting.

All NSW Public Service Agencies and Shared Service Providers must comply with the policy and is recommended for adoption in State Owned Corporations, as well as local councils and universities.

The Policy aims to ensure that the following objectives are achieved by the NSW Government:

  • Confidentiality – to uphold authorised restrictions on access to and disclosure of information including personal or proprietary information.

  • Integrity – to protect information against unauthorised alteration or destruction and prevent successful challenges to its authenticity.

  • Availability – to provide authorised users with timely and reliable access to information and services.

  • Compliance – to comply with relevant legislation, regulations, Cabinet Conventions, policies and contractual obligations requiring information to be available, safeguarded or lawfully used.

  • Assurance – to provide assurance to NSW Parliament and the people of NSW that information held by the Government is appropriately protected and handled.

The date of implementation for this Policy and its requirements is 1 July 2015. As a result, attestation templates from version 1 of this Policy may be used for 2014-15 reporting only.

The NSW Government Information Security Community of Practice is available for support and guidance and to share its experience with implementation of this Policy.

Overview

Who needs to know and/or comply with this?

Departments
Statutory Authorities/Bodies
Separate agencies
Executive agencies related to Departments

AR Details

Date Issued
Apr 22, 2015
Review Date
Apr 22, 2016
Replaces
M2012-15 Digital Information Security Policy
Replaced By

Contacts

Contact
Contact_us@dpc.nsw.gov.au
Phone
(02) 9228 5555
Publishing Entity
Department of Premier and Cabinet
Issuing Entity
Premier
Internal Reference (BN15/712)