Information security and identity management
Information security management
Information Standard 18: Information Security (IS18) specifies the processes, controls and mechanisms we must implement to:
- protect personal information
- prevent fraud and corruption
- manage the security and integrity of public records
- identify, manage and mitigate vulnerabilities and risks
- protect and make available financial information.
Managers must protect security-classified information that is processed, stored or transmitted, in accordance with the Queensland Government information security classification framework (QGISCF).
Managers must also:
- manage information security compliance
- manage information security risks
- apply appropriate controls to local systems and processes to reduce risks and maintain QGISCF compliance.
Personal information can be almost any information or opinion associated with a person whose identity is apparent from the information or context in which it is presented.
The Information Privacy Act 2009 dictates our responsibilities in this area.
Any personal information collected, stored, used or disclosed must be managed in accordance with the Act.
You are responsible for ensuring you comply with the Act to:
- only use personal information for the purpose for which it was obtained
- only disclose personal information if the person(s) concerned have all consented to the disclosure, or you have been given an exception under the Act.