Cyber Security Policy

Information Security is everyone’s responsibility.

On 1 February 2019, the NSW Cyber Security Policy replaced the NSW Government Digital Information Security Policy (DISP). It requires agencies to implement the Australian Cyber Security Centre (ACSC) ‘Essential Eight’ strategies.

The ‘Essential Eight’ are eight baseline security strategies, supported by a detailed set of guidelines and controls that can protect against risks that threaten the agency IT systems and information.

The Cyber Security Policy continues the practice of using an Information Security Management System (ISMS) or Cyber Security Management System (CSMS) that is compliant with a recognised standard. Agencies must still provide an Attestation Statement on cyber security in their annual reports.

The Health Care Complaints Commission’s ISMS takes into account a minimum set of controls, as well as requirements relating to certification and annual attestation, and classification of information.

The Health Care Complaints Commission’s classification requirements are in line with the NSW Government Classification and Labelling Guidelines and using the correct classification of information is important to help ensure the prevention of information breaches and to minimise the impact if an information breach occurs within the Commission.

The Health Care Complaints Commission uses the following classification:

Unclassified – is used when information or material where its loss, misuse, compromise or unauthorised disclosure would not adversely impact the Commission’s activities, reputation or the public interest in general.

Sensitive – this is the Commission’s default classification due to the sensitivity nature of information within the Commission.

Sensitive: Personal DLM – is used with security classified or unclassified information that contains attributes of personal information as defined in Privacy Personal Information Protection Act (PPIPA) 1998.

Sensitive : NSW Government DLM – is used when the compromise of the information could cause limited damage or damage to the NSW Government, commercial entities or members of the public.

Still need more information

If you would like to speak to someone at the Commission for more information before you lodge a written complaint you can contact the Inquiry Line during business hours, Monday to Friday from 9am – 5pm on 1800 043 159 or submit an online inquiry.

Online inquiry

Ready to lodge your complaint

All complaints must be made in writing and we aim to assess complaints within 60 days. Your complaint will be allocated to an assessment officer and we will write to you to explain the outcome of your complaint.

Click here to make a complaint

Track my complaint

You can track the progress of your complaint online.

Click here to track your complaint