Security

Policies

• Information Security Management Framework
• Security Policy - CTO/P4.1 (PDF 127 KB)
  The Security Policy provides guidelines for Agencies to use in developing their information security capabilities. It also outlines the exemption process.
  
• Privacy and Confidentiality Policy - CTO/P4.2  (PDF 95 KB)
  Each agency must define authorised access for all its data, for example - who has access, what authority is required, level of access allowed. This information is contained in Cabinet Circular Number: 12 (Cabinet Admin. Inst. 1/89) titled Information Privacy Principles.
  
• Security in an Outsourced Environment - CTO/P4.3   (PDF 105 KB)
  This document describes how contracts with external service providers must specify agency-approved information security policies and procedures and must contain provisions to indemnify the South Australian Government and its agencies against the outcomes of violations to the policies and procedures.
• Notifiable Incidents Policy - CTO/P4.5 (PDF 164 KB)
  Agencies and performing suppliers must notify the Office of the Chief Information Officer [OCIO] about incidents which disrupt government information and communication technology [ICT] services.  (Last updated 4 November 2008).

Standards/Guideline

• Notifiable Incidents Guideline - CTO/G4.2 (PDF 268 KB)
  This guideline provides assistance to  implement Government Policy on Notifiable Incidents and also Policy and Risk and Security Frameworks.  (Last updated 4 November 2008).

Further Information

Security & Risk Assurance
SCIP@saugov.sa.gov.au