The Western Australian Whole of Government Digital Security Policy was updated on Wednesday 28 June 2017 with new requirements and a Supplementary Guide to assist public sector agencies to keep government systems and data safe.
The four new requirements are:
- Implement an Information Security Management System (with ISO 27001 as a strongly recommended standard);
- Focus on governance and accountability (especially making ICT part of business managers’ responsibility);
- Assess and treat security risks (using a Risk Register and Digital Security Controls Checklist); and
- Adopt a ‘continuous improvement’ approach (so that digital security is a way of working, not a one-off review).
The updated Digital Security Policy is available at the following links:
The Supplementary Guide is available at the following links. It provides suggested approaches for implementation.
The Guide includes three additional toolkit documents:
- a Template Risk Register;
- a Digital Security Controls Checklist; and
- an Executive ISMS Progress Report.
The Policy sets the direction for the whole of the Western Australian public sector, and the accompanying guidance is targeted at the first 12 months of transition. A more comprehensive program of Digital Security support is planned for subsequent years.
This work is licensed under a Creative Commons Attribution 4.0 International License.