This policy is current as at 23/03/2018 06:44am, AEDT. Please refer to the policy library website (https://education.nsw.gov.au/policy-library) for an updated version.
Information that is fit for purpose, secure, available, and accessible, and complies with applicable laws and regulations, enables staff to make everyday decisions and assists the Department to realise its strategic objectives.
The department is committed to ensuring an appropriate level of security is applied to protect the confidentiality, integrity and availability of its information and will satisfy applicable requirements.
All departmental information assets, in electronic, paper, audio or video form, whether located in schools, institutes, corporate units or other locations, will be secured according to the information’s level of sensitivity, criticality and risk.
This policy applies to all departmental:
These assets may also include:
The implementation of an Information Security Policy and an Information Security Management System (ISMS), along with effective governance, will enable the department to identify, manage and achieve its information security objectives.
The department will protect its information assets by:
This Policy supports the Department of Finance and Services directive that all agencies appropriately protect information by establishing an Information Security Management System (ISMS). The ISMS should be developed in accordance with the following Standards for Information Security:
An ISMS is a framework and methodology used to manage information security risks. For further information refer to the Information Security Policy - Guideline document (PDF 155.23 KB).
This policy is guided by the following relevant legislation, memoranda, circulars and departmental policies:
The Secretary is responsible for establishing auditable governance and management accountabilities for the Information Security Management System and related activities; and for establishing appropriate monitoring and auditing measures to ensure these accountabilities are discharged effectively.
The Chief Information Officer (CIO) is responsible for the management and maintenance of the Information Security Management System.
All managers, including school principals, are responsible for ensuring that this policy and associated standards and procedures are effectively communicated and implemented throughout all areas of their control.
All staff are responsible for:
The Chief Information Officer is responsible for the monitoring, evaluation and reporting of compliance with this policy.
This policy will be reviewed each year by the Chief Information Officer and when significant legislative or organisational changes require an update.
For further information, contact the Information Security Unit.
Phone (02) 9302 7115.
E-mail to: firstname.lastname@example.org
Copyright for this website is owned by the State of New South Wales through the Department of Education. For more information go to http://www.dec.nsw.gov.au/footer/copyright.