Skip to content

Queensland Information Security Policy: Gone Surfing! My Compliance is Done!

Andrew Robinson Feb 10, 2020

Queensland Information Security Policy (QLD ISP) Compliance Tips for Government Bodies

We’ve added the QLD Information Security Policy to the 6clicks Marketplace

How Good’s Queensland!..

Ahhh yes…Queensland. Beautiful one day, compliant with the QLD Information Security Policy the next. 

Thanks to the release of this assessment in the 6clicks Marketplace. 

QLD government departments and agencies now have a much easier way to prepare the Information Security Annual Returns necessary as a part of their reporting obligations and which are due by 30 October each year.  

Make the switch, reduce the hassle, demonstrate improvement…and get back to the beach you lucky funsters. 

Cyber and information security has fast become an issue for governments at every level.  

State governments particularly play a vital role in ensuring security of health, transport, education, justice and many other critical public services in each state. 

Governments hold large volumes of sensitive information (think personal information) and increasing digitisation of services needs to be underpinned by strong security and hence, in QLD, we have Information Security Policy (IS18:2018). 

Break it down now…

The reporting obligations are found across four sections (and quite similar to the NSW Cyber Security Policy, which are:

1. ISMS Requirements

2. ASD Essential 8

3. Queensland Policy Requirements

4. A set of 10 Principles and Requirements

The assessment against QLD ISP requirements are further broken down across 10 principles:

1. Policy, Planning and Governance

2. Asset Management 

3. Human Resources Management 

4. Physical and Environmental Management

5. Communications and Operations Management 

6. Access Management 

7. System Acquisition, Development and Maintenance

8. Incident Management 

9. Business Continuity Management 

10. Compliance Management 

Keen to get started already? Click here for your free trial! …or keep reading 🤓

The set of 10 principles and associated 169 requirements need only be addressed if an effective Information Security Management System (ISMS) based on ISO/IEC 27001 cannot be evidenced in the ISMS requirements section.  

The augmentation of reporting with an assessment against the ASD Essential 8 is quite useful as it cuts straight to technical maturity, which can sometimes be vague in ISO/IEC 27001! 

Here’s the bit about how we can help…

With 6clicks, you can quickly and easily perform assessments of compliance against the QLD IS18 requirements  

Assessment can be conducted by your own organisation or by working collaboratively with any number of Service Providers (consultancies) that now choose 6clicks when performing assessments for you.   

Use of a service provider can help bring independence, expert opinion and credibility to your assessments (and is indeed required by clause 4.3 of the QLD IS18 ISMS requirements).  

Our platform can also help you: 

1. Implement an ISMS (which is stated as part of the QLD IS18 requirements).

2. You can record your information assets and classifications (your “Crown Jewels”), risks and treatment plans (including those with residual rating of high or extreme).

3. Report progress of control implementation and security incidents and issues including assessment results.

4. The combined assessment and management system functionality will help you continually improve over time.

5. You can also easily translate between the QLD IS18 and other frameworks.

Get started with a free trial at the link below. We’re here to help!