Policies

Whole-of-Government Policies provide direction to agencies about how they should approach particular aspects of digital and ICT investment, design and delivery, including requirements, when the policy must be applied and exemptions for certain circumstances.

Existing Whole-of-Government Policies:

Digital and ICT Reuse Policy

The Digital and ICT Reuse Policy ensures a whole-of-government focus on reuse of digital and ICT capabilities.

The Digital and ICT Reuse Policy is one of the whole-of-government digital policies and standards that the DTA uses to assess whether a digital or ICT-enabled investment proposal is robust, of high quality and can be brought forward for Government consideration.

Further detail on the requirements for agencies when bringing forward digital and ICT-enabled investment proposals for Government consideration can be found at the Contestability (Budget) stage of the Whole-of-Government Digital and ICT Oversight Framework.

Applicability

The Digital and ICT Reuse Policy applies to Non-corporate Commonwealth entities subject to the Public Governance, Performance and Accountability Act 2013.

For corporate Commonwealth entities and wholly owned Commonwealth companies, the policy represents better practice.

The DTA will assess digital and ICT proposals against the policy. This assessment will cover proposals to change or create government services that meet the following criteria: 

  • digital and/or ICT enabled with a whole-of-life ICT cost of $10 million or more.

Policy requirements

The Digital and ICT Reuse Policy is underpinned by three high-level requirements. Agencies must consider these requirements when proposing, designing or delivering new government capabilities with a digital and ICT component or improving an existing digital service:

1. Reuse whenever possible – your proposed investments must plan for and make use of any opportunities to reuse existing services or tools within your agency and across government.

2. Design and build for reuse – if your proposed investment cannot reuse an existing digital or ICT solution, you must ensure that the service you build can be reused by other agencies.

3. Enable reuse by others – you must ensure anything you create is shared for others to reuse unless there’s a good reason not to.

Patterns, standards and tools

For more information see: Digital and ICT reuse policy 

Digital Sourcing Policy

The Framework and the four associated digital sourcing policies ensure government buyers source digital products and services that enable a modern digital government.

The Digital Sourcing Framework is one of the whole-of-government digital policies and standards that the DTA uses to assess whether a digital or ICT-enabled investment proposal is robust, of high quality and can be brought forward for Government consideration.

Further detail on the requirements for agencies when bringing forward digital and ICT-enabled investment proposals for Government consideration can be found at the Contestability (Budget) stage of the Whole-of-Government Digital and ICT Oversight Framework.

Applicability

Unless exempted, the four digital sourcing policies must be applied by all Non-corporate Commonwealth entities. They include the:

  • Digital Sourcing Consider First policy, which applies to investments in digital products and services valued at $80,000 or greater
  • Digital Sourcing Fair Criteria Policy, which applies to procurements of digital products and services valued at $80,000 or greater
  • Digital Sourcing Panels Policy, which applies to new or updated multi-supplier digital panels
  • Digital Sourcing Contract Limits and Reviews Policy, which applies to all ICT and digital contracts and work orders.

The DTA recommends that Government corporate entities apply these policies.

Policy requirements

Each policy has requirements that apply to applicable entities.

  • under the Consider First policy, entities must complete a self-assessment using the Consider First Assessment Tool for each applicable investment
  • under the Fair Criteria policy, entities must complete the Fair Criteria Checklist for each applicable procurement
  • under the Panels Policy, entities must apply for certification for each applicable panel
  • under the Contract Limits and Reviews policy, entities must limit the term and value of each applicable contract, in addition to reviewing applicable contracts before being able to exercise an available extension option.

Patterns, standards and tools

Protective Security Policy Framework

Although not administered by the DTA, the PSPF (administered by the Attorney-General’s Department) assists Australian Government entities to protect their people, information, and assets – both at home and overseas, and is an important consideration of digital proposals.

The PSPF is one of the whole-of-government digital policies and standards that the DTA uses to assess whether a digital or ICT-enabled investment proposal is robust, of high quality and can be brought forward for Government consideration.

Further detail on the requirements for agencies when bringing forward digital and ICT-enabled investment proposals for Government consideration can be found at the Contestability (Budget) stage of the Whole-of-Government Digital and ICT Oversight Framework.

Applicability

The framework applies to Non-corporate Commonwealth entities subject to the Public Governance, Performance and Accountability Act 2013, and entities must apply the PSPF as it relates to their risk environment.

Non-government organisations that access security-classified information may be required to enter into a deed or agreement to apply relevant parts of the PSPF for that information.

State and territory government agencies that hold or access Commonwealth security-classified information must apply the PSPF to that information consistent with arrangements agreed between the Commonwealth, states and territories.

Policy requirements

There are 16 core requirements in the PSPF. Accountable entities must appropriately apply protective security to their operational environment so that it effectively enables them to protect the Government’s people, information, and assets.

Patterns, standards and tools

Further information on the PSPF can be found on the Protective Security website.

Secure Cloud Policy

The Secure Cloud Strategy guides agencies to move beyond their current business restrictions and towards a more agile method of service improvement.

The Secure Cloud Strategy is one of the whole-of-government digital policies and standards that the DTA uses to assess whether a digital or ICT-enabled investment proposal is robust, of high quality and can be brought forward for Government consideration.

Further detail on the requirements for agencies when bringing forward digital and ICT-enabled investment proposals for Government consideration can be found at the Contestability (Budget) stage of the Whole-of-Government Digital and ICT Oversight Framework.

Applicability

The policy applies to all Non-corporate Commonwealth entities preparing for the shift to cloud or undergoing the transition to cloud.  

The policy guides agencies to address capability shortcomings, confusion around security requirements, and conflicting agency-specific information and communications technology policies. 

Other government entities (local, state or territory) and Government corporate entities are encouraged to use this policy in the assessment of cloud service providers, their cloud services and a cloud consumer’s own systems.

Policy requirements

Entities are required to use the policy to develop their own cloud strategies to suit their operating environment. 

The Protective Security Policy Framework (PSPF), Information Security Manual (ISM) and Secure Cloud Strategy provide the requirements and security controls for cloud consumers to use in the assessment of cloud service providers, their cloud services and a cloud consumer’s own systems.

Patterns, standards and tools

For more information visit: Secure Cloud Strategy | Digital Transformation Agency (dta.gov.au)

Hosting Policy

The Hosting Strategy provides policy direction and guidance applicable to the Australian Government hosting ecosystem including facilities and infrastructure. It supports the government’s commitment to privacy, security, and resilience, while improving the delivery of government services.

The Hosting Strategy is one of the whole-of-government digital policies and standards that the DTA uses to assess whether a digital or ICT-enabled investment proposal is robust, of high quality and can be brought forward for Government consideration.

Further detail on the requirements for agencies when bringing forward digital and ICT-enabled investment proposals for Government consideration can be found at the Contestability (Budget) stage of the Whole-of-Government Digital and ICT Oversight Framework.

Applicability

The policy applies to all Non-corporate Commonwealth entities considering hosting solutions for arrangements that include the off-site hosting of data.

The policy guides a defined approach to hosting arrangements that meets the needs of agencies to deliver on the Digital Government Strategy. The scope comprises data centre facilities, infrastructure, data storage and data transmission.

Policy requirements

Federal government agencies are required to ensure effective controls are in place for critical data holdings and systems that underpin their operations. This includes knowing how, where and when data is stored and achieving greater assurance over the operation and supply chains of providers. 

All sensitive government data, Whole-of-Government systems, and systems rated at the classification level of PROTECTED will be hosted within data centre facilities and by certified hosting providers. 

Patterns, standards and tools

For more information visit: Whole-of-government Hosting Strategy | Digital Transformation Agency (dta.gov.au)

Digital Service Standard

The Digital Service Standard is a set of best practice principles to help agencies design and build digital services that are simple, clear and fast for Australians. By following the Digital Service Standard, Government is ensuring digital services provide public value and meet user needs, with ongoing service improvements based on evidence and learnings. The Digital Service Standard ensures that government services are designed for the user with a consistent look and feel.

The Digital Service Standard is one of the whole-of-government digital policies and standards that the DTA uses to assess whether a digital or ICT-enabled investment proposal is robust, of high quality and can be brought forward for Government consideration.

Further detail on the requirements for agencies when bringing forward digital and ICT-enabled investment proposals for Government consideration can be found at the Contestability (Budget) stage of the Whole-of-Government Digital and ICT Oversight Framework.

Applicability

Unless excepted, this policy must be applied by all Non-corporate Commonwealth entities. It applies to all new information and transactions of public facing services as of 6 May 2016, as well as any pre-existing informational or transactional services that have been redesigned after 6 May 2016.

The DTA encourages other government entities (local, state or territory) or Government corporate entities to apply this policy.

Policy requirements

Entities must assess and comply with the principles of the Digital Service Standard to ensure continuous improvement opportunities in support of effective project delivery.

Patterns, standards and tools

For more information visit: Digital Service Standard criteria | Digital Transformation Agency (dta.gov.au)