This content is currently in Alpha
How to design safe and secure services
Australian Government agencies are required to comply with the policy documents discussed in this guide. Over the coming months more guidance will be added.
The Protective Security Policy Framework
The Australian Government Protective Security Policy Framework (PSPF) outlines the policy framework and mandatory requirements to assist agencies to consider the security implications of their ICT systems and to devise policies and plans to ensure they are appropriately protected. It is a mandatory requirement of the PSPF that agencies adopt a risk management approach to cover all areas of protective security activity across their organisation.
The PSPF defines 36 mandatory protective security requirements with which Australian Government agencies and bodies must demonstrate their compliance, with regard to:
- information security - including actively managing risks associated with electronic data transmission, aggregation and storage
- personnel security
- physical security.
The Information Security Manual
The Australian Government Information Security Manual (ISM) complements the PSPF. It is a set of controls to assist Australian Government agencies in applying a risk-based approach to protecting information and ICT systems. The ISM also provides details of other organisations that have a role in information security in government.
Last updated: 26 March 2015