Digital information security policy

Information Security is everyone’s responsibility.

In 2012, the NSW Government introduced the NSW Government Digital Information Security Policy to establish digital information security requirements across the NSW public sector, including the requirement for all agencies to have an Information Security Management System (ISMS).
The Policy is issued under a Premier’s Memorandum and therefore applies to all government agencies and statutory bodies (as defined under the NSW Public Finance and Audit Act 1983) and to all NSW Government shared service providers that produce annual reports.

The Policy, including a set of key requirements, aims to ensure that certain security objectives are achieved. These include confidentiality, integrity, availability, compliance and assurance.

The Health Care Complaints Commission’s ISMS takes into account a minimum set of controls, as well as requirements relating to certification and annual attestation, and classification of information. The classification requirements are in line with the NSW Government Classification and Labelling Guidelines. Classification is the responsibility of all government employees and applies to all government documents.

The Health Care Complaints Commission uses the following classifications: communications relating to HCCC complaints are classified “Sensitive”; communications relating to Human Resources (HR) are classified “Sensitive: Personal”; and Government matters are classified “Sensitive: NSW Government”. All other communications are unclassified.

This policy is available in PDF format: Digital Information Security Policy.