Skip to content

Queensland information security policy: Compliance made easy!

Andrew Robinson |

February 9, 2020
Queensland information security policy: Compliance made easy!


We’ve added the QLD Information Security Policy to the 6clicks Marketplace

How Good’s Queensland!..

Ahhh yes…Queensland. Beautiful one day, compliant with the QLD Information Security Policy the next. 

Thanks to the release of this assessment in the 6clicks Marketplace

QLD government departments and agencies now have a much easier way to prepare the Information Security Annual Returns necessary as a part of their reporting obligations and which are due by 30 October each year.  

Make the switch, reduce the hassle, demonstrate improvement…and get back to the beach you lucky funsters. 

Cyber and information security has fast become an issue for governments at every level.  

State governments particularly play a vital role in ensuring security of health, transport, education, justice and many other critical public services in each state. 

Governments hold large volumes of sensitive information (think personal information) and increasing digitisation of services needs to be underpinned by strong security and hence, in QLD, we have Information Security Policy (IS18:2018). 

Break it down now…

The reporting obligations are found across four sections (and quite similar to the NSW Cyber Security Policy, which are:

1. ISMS Requirements

2. ASD Essential 8

3. Queensland Policy Requirements

4. A set of 10 Principles and Requirements

The assessment against QLD ISP requirements are further broken down across 10 principles:

1. Policy, Planning and Governance

2. Asset Management 

3. Human Resources Management 

4. Physical and Environmental Management

5. Communications and Operations Management 

6. Access Management 

7. System Acquisition, Development and Maintenance

8. Incident Management 

9. Business Continuity Management 

10. Compliance Management 

Keen to get started already? Click here for your free trial! …or keep reading 🤓

The set of 10 principles and associated 169 requirements need only be addressed if an effective Information Security Management System (ISMS) based on ISO/IEC 27001 cannot be evidenced in the ISMS requirements section.  

The augmentation of reporting with an assessment against the ASD Essential 8 is quite useful as it cuts straight to technical maturity, which can sometimes be vague in ISO/IEC 27001! 

Here’s the bit about how we can help…

With 6clicks, you can quickly and easily perform assessments of compliance against the QLD IS18 requirements  

Assessment can be conducted by your own organisation or by working collaboratively with any number of Service Providers (consultancies) that now choose 6clicks when performing assessments for you.   

Use of a service provider can help bring independence, expert opinion and credibility to your assessments (and is indeed required by clause 4.3 of the QLD IS18 ISMS requirements).  

Our platform can also help you: 

1. Implement an ISMS (which is stated as part of the QLD IS18 requirements).

2. You can record your information assets and classifications (your “Crown Jewels”), risks and treatment plans (including those with residual rating of high or extreme).

3. Report progress of control implementation and security incidents and issues including assessment results.

4. The combined assessment and management system functionality will help you continually improve over time.

5. You can also easily translate between the QLD IS18 and other frameworks.

Get started with a free trial at the link below. We’re here to help!

Andrew Robinson

Written by Andrew Robinson

Andrew started his career in the startup world and went on to perform in cyber and information security advisory roles for the Australian Federal Government and several Victorian Government entities. Andrew has a Masters in Policing, Intelligence and Counter-Terrorism (PICT) specialising in Cyber Security and holds IRAP, ISO 27001 LA, CISSP, CISM and SCF certifications.