Web application security testing guideline Guideline | December 2011–current CurrentNon-mandated This guideline helps agencies ensures the confidentiality, integrity and availability of the agency data of web applications they use.
ICT-as-a-service security assurance guideline Guideline | June 2016–current CurrentNon-mandated This document provides information and advice to support Queensland Government agencies in gaining adequate assurance of planned cloud and ICT as-a-service offerings through the evaluation, service integration design, contract and procurement activities.
Essential Eight guideline Guideline | November 2024–current CurrentNon-mandated Providing information and advice for Queensland Government agencies to consider when assessing the implementation of policy requirement 3 of the QGEA Information and cyber security policy,
ICT asset disaster recovery planning guideline Guideline | November 2010–current CurrentNon-mandated This guideline has been developed for agencies to use when documenting their ICT asset disaster recovery (DR) arrangements
Information security assurance and classification guideline Guideline | July 2018–current CurrentNon-mandated Provides advice about the quantity and quality of information security assurance that is reasonable regarding the security of information at differing business impact levels.
Reducing password frustration guideline Guideline | January 2025–current CurrentNon-mandated Password frustration can be experienced by computer users who are required to remember multiple usernames and passwords, and is compounded when passwords must be changed frequently.
Cybersecurity insurance for Queensland Government agencies Guideline | December 2019–current CurrentNon-mandated Agencies participating in the Queensland Government Insurance Fund are covered for damage from cyber events.
Agency information security attestation statement example Template | June 2025–current CurrentNon-mandated To assist agencies in their 2024-2025 Information and cyber security policy (IS18) reporting.
Deployment of intrusion detection and prevention systems guideline Guideline | September 2011–current CurrentNon-mandated To assist agencies with the development, implementation and management of IDPS, within the agency’s ICT environment
Business continuity management and ICT disaster recovery implementation fact sheet Factsheet | October 2019–current CurrentNon-mandated In the event of a disaster, agencies must be able to function effectively and ICT is a substantial component of this.