Skip to content

NSW CSP compliance tips for government departments

Andrew Robinson Feb 04, 2020
NSW CSP Compliance Tips for Government Departments

NSW Cyber Security Policy (NSW CSP) Compliance Tips for Government Department & Agencies

We’ve added the NSW Cyber Security Policy (CSP) to the 6clicks Marketplace.

6clicks is coming to the rescue in NSW!

Thanks to the release of the NSW Cyber Security Policy (NSW CSP) Assessment in the 6clicks Marketplace, NSW government departments and agencies have a much easier way to complete the assessments necessary as a part of their reporting obligations, which are due by 31 August each year.

NSW Cyber Security Policy

Cyber security has fast become an issue for governments (and companies) at every level. And with cyber now seen as the #1 risk according to global insurance giant Allianz – it is now more important than ever to make the switch to a better compliance solution, reduce the hassle and demonstrate improvement.

Break it down now…

State governments particularly play a vital role in ensuring security of health, transport, education, justice and many other critical public services in each state. Increasing digitisation of these services needs to be underpinned by strong cyber security and hence, in NSW, strong cyber security is an important part of its NSW Digital Government Strategy.

The reporting obligations span four categories, which are:

1. Assessment against NSW CSP requirements

2. Assessments against the ‘ASD Essential 8

3. A list of your agency’s ‘crown jewels’ (read as; significant information assets)

4. A summary of cyber security risks with a residual rating of high or extreme

The assessment against NSW CSP requirements are further broken down into four categories:

1. Planning and Governance

2. Cyber Security Culture

3. Safeguarding Information and Systems

4. Cyber Incident Management

Keen to get started already? Click here for your free trial! …or keep reading 🤓

The requirements found in these four categories of the NSW CSP assessment relate to security management activities that are also found (albeit worded differently) in the industry standard for information security management systems (ISMS); ISO/IEC 27001.

In case you didn’t already know that, clause 3.1 specifically calls out the requirement for NSW government departments and agencies to have an ISMS based on ISO/IEC 27001. Although certification isn’t always required – sometimes an annual, independent review or audit will suffice.

For us, there’s a lot of overlap between the NSW CSP requirements and those found inside ISO/IEC 27001. Perhaps there is some value in calling out 20 or so requirements for reporting purposes.

The augmentation of reporting with an assessment against the ‘ASD Essential 8’ is quite useful though, as it cuts straight to technical maturity, which can sometimes be vague in ISO/IEC 27001!

Here’s the bit about how we help you…

With 6clicks, you can quickly and easily perform assessments of compliance against the NSW CSP requirements.

Assessment can be conducted by your own organisation or by working collaboratively with any number of Service Providers (consultancies) that now choose 6clicks when performing assessments for you. 

Use of a service provider can help bring independence, expert opinion and credibility to your assessments (and is indeed required by clause 3.1 of the NSW CSP requirements).

Our platform can also help you: 

1. Implement an ISMS (which is also required by clause 3.1 of the NSW CSP requirements).

2. Record your information assets and classifications (your “Crown Jewels”), risks and treatment plans (including those with residual rating of high or extreme).

3. Report progress of control implementation and security incidents and issues including assessment results.

4. The combined assessment and management system functionality will help you continually improve over time.

5. You can also easily translate between the NSW CSP and other frameworks.

Get started with a free trial at the link below. We’re here to help!

Leave a Comment

Register for webinars, watch replays and download our ebooks

eBooks & Guides


Our blog and 6clicks TV

Latest articles and interviews with our partners and thought leaders


Our blog

6clicks TV

Top analysts and customers have spoken.

They genuinely love 6clicks.

"The best cyber GRC platform for businesses and advisors."


"We chose 6clicks not only for our clients, but also our internal use”

Partner | Big 4

"With 6clicks we can simply close deals much faster"

CEO | Startup

6clicks Reviews

"The 6clicks solution simplifies and strengthens risk, compliance, and control processes across entities and can grow and adapt as the organization changes and evolves."

Michael Rasmussen | GRC 20/20 Research LLC


Why businesses and advisors choose 6clicks

It's faster, easier and more cost effective than any alternative.

6clicks Enterprise Risk Management

Powered by artificial

Experience the magic of Hailey, our artificial intelligence engine for risk and compliance.

What's the best GRC software?

Unique Hub & Spoke architecture

Deploy multiple teams all connected to a hub - perfect for federated, multi-team structures.

Best software for ISO 27001 compliance

Fully integrated
content library

Access 100's of standards, control sets, assessment templates, libraries and playbooks.

Are you ready to experience AI-powered GRC?