Policies

Whole-of-Government Policies provide direction to agencies about how they should approach particular aspects of digital and ICT investment, design and delivery, including requirements, when the policy must be applied and exemptions for certain circumstances.

Existing Whole-of-Government Policies:

Digital and ICT Reuse Policy

Visit the Australian Government Architecture website for information on the Digital and ICT Reuse Policy.

Digital Sourcing Policy

Find more information about the digital sourcing policies:

 

Protective Security Policy Framework

Visit the Australian Government Architecture website for information on the Protective Security Policy Framework.

Secure Cloud Policy

The Secure Cloud Strategy guides agencies beyond their current business restrictions and move towards a more agile method of service improvement.

The Secure Cloud Strategy is one of the whole-of-government digital policies and standards that the DTA uses to assess whether a digital or ICT-enabled investment proposal is robust, of high quality and can be brought forward for Government consideration.

Further detail on the requirements for agencies when bringing forward digital and ICT-enabled investment proposals for Government consideration can be found at the Contestability (Budget) stage of the Whole-of-Government Digital and ICT Oversight Framework.

Applicability

The policy applies to all Non-corporate Commonwealth entities preparing for the shift to cloud or undergoing the transition to cloud.  

The policy guides agencies to address capability shortcomings, confusion around security requirements, and conflicting agency-specific information and communications technology policies. 

It is encouraged that other government entities (local, state or territory) or Government corporate entities use this policy in the assessment of cloud service providers, its cloud services and a cloud consumer’s own systems 

Policy requirements

Entities are required to use the policy to develop their own cloud strategies to suit their operating environment. 

The Protective Security Policy Framework (PSPF), Information Security Manual (ISM) and Secure Cloud Strategy provide the requirements and security controls for cloud consumers to use in the assessment of the cloud service providers, its cloud services and a cloud consumer’s own systems.

Patterns, standards and tools

For more information visit: Secure Cloud Strategy | Digital Transformation Agency (dta.gov.au)

Hosting Certification Framework

Visit the Australian Government Architecture website for information on the Hosting Certification Framework

Digital Service Standard

Visit the Australian Government Architecture website for information on the Digital Services Standard

Benefits Management Policy

 

The Benefits Management Policy (BMP) helps agencies deliver digital and ICT outcomes by standardising benefits management practices for whole-of-government digital and ICT-enabled investments. 

The Benefits Management Policy defines how benefits must be managed across the Australian Government digital and ICT portfolio.

The BMP outlines:

  • the requirements for investment oversight
  • best-practice guidance on benefits management.

This first iteration of the Benefits Management Policy integrates with the ‘Contestability’ state of the Investment Oversight Framework (IOF). In its final form, the policy will complement the full framework putting benefits at the centre of how investments are planned, prioritised, contested and assured. 

For more information, visit the Benefits Management Policy page