Queensland information security policy: Compliance made easy!

Andrew Robinson Feb 10, 2020

Queensland Information Security Policy (QLD ISP) Compliance Tips for Government Bodies

We’ve added the QLD Information Security Policy to the 6clicks Marketplace

How Good’s Queensland!..

Ahhh yes…Queensland. Beautiful one day, compliant with the QLD Information Security Policy the next. 

Thanks to the release of this assessment in the 6clicks Marketplace. 

QLD government departments and agencies now have a much easier way to prepare the Information Security Annual Returns, which are necessary as part of their reporting obligations and are due by 30 October each year.

Make the switch, reduce the hassle, demonstrate improvement…and get back to the beach you lucky funsters. 

Cyber and information security has fast become an issue for governments at every level.  

State governments particularly play a vital role in ensuring security of health, transport, education, justice and many other critical public services in each state. 

Governments hold large volumes of sensitive information (think personal information), and the increasing digitisation of services needs to be underpinned by strong security. Hence, in QLD, we have the Information Security Policy (IS18:2018).

Break it down now…

The reporting obligations are found across four sections (quite similar to the NSW Cyber Security Policy), which are:

1. ISMS Requirements

2. ASD Essential 8

3. Queensland Policy Requirements

4. A set of 10 Principles and Requirements

The assessment against QLD ISP requirements is further broken down across 10 principles:

1. Policy, Planning and Governance

2. Asset Management 

3. Human Resources Management 

4. Physical and Environmental Management

5. Communications and Operations Management 

6. Access Management 

7. System Acquisition, Development and Maintenance

8. Incident Management 

9. Business Continuity Management 

10. Compliance Management 

Keen to get started already? Click here for your free trial! …or keep reading 🤓

The set of 10 principles and associated 169 requirements need only be addressed if an effective Information Security Management System (ISMS) based on ISO/IEC 27001 cannot be evidenced in the ISMS requirements section.  

The augmentation of reporting with an assessment against the ASD Essential 8 is quite useful as it cuts straight to technical maturity, which can sometimes be vague in ISO/IEC 27001.

Here’s the bit about how we can help…

With 6clicks, you can quickly and easily perform assessments of compliance against the QLD IS18 requirements.

Assessment can be conducted by your own organisation or by working collaboratively with any number of Service Providers (consultancies) that now choose 6clicks when performing assessments for you.   

Use of a service provider can help bring independence, expert opinion and credibility to your assessments (and is indeed required by clause 4.3 of the QLD IS18 ISMS requirements).  

Our platform can also help you: 

1. Implement an ISMS (which is stated as part of the QLD IS18 requirements).

2. Record your information assets and classifications (your “Crown Jewels”), risks and treatment plans (including those with residual rating of high or extreme).

3. Report progress of control implementation and security incidents and issues including assessment results.

4. Continually improve over time, using the combined assessment and management system functionality.

5. Easily translate between the QLD IS18 and other frameworks.

Get started with a free trial at the link below. We’re here to help!
