The information domain includes the processes and systems for the handling of organisational information to ensure the confidentiality, integrity and availability throughout its lifecycle.

Desired outcome

Each South Australian Government agency is responsible for maintaining the confidentiality, integrity and availability of all official information.

To support agencies to achieve this outcome, the South Australian Protective Security Framework (SAPSF) includes three Information Security (INFOSEC) policies, each comprised of one core requirement and varying number of supporting requirements.

Information Security Policies

Purpose

This policy ensures all South Australian Government agencies protect their information assets from compromise. It outlines the South Australian Information Classification System (ICS) and associated guidance, which all agencies must use to protect the confidentiality, integrity and availability of all official information. The requirements of this policy are designed to mitigate against both intentional and accidental threats and reduce the impact on government business.

Core requirement 

Protect official information against compromise

Download: INFOSEC1 Guidance (PDF, 1.4 MB)

Access: INFOSEC1 Guidance

Purpose

This policy ensures all South Australian Government agencies provide timely, reliable, and appropriate access to official information to assist in facilitating efficient and effective delivery of government services. Availability of accurate information aides in the development of new products and services, enhances consumer and business outcomes and assists with decision-making and policy development.

Core requirement

Ensure official information is available to those who need it

Download: INFOSEC2 Guidance (PDF, 944.2 KB)

Access: INFOSEC2 Guidance

Purpose

This policy describes how all South Australian Government agencies can safeguard their information and communication technology (ICT) systems to ensure the confidentiality, integrity and availability of official information. This includes defending against common and emerging cyber threats (e.g. bots, malware, ransomware, spam) and the threat of malicious insiders, while facilitating the continuous delivery of government business.

Core requirement 

Safeguard ICT systems from compromise to ensure confidentiality, integrity and availability of official information is maintained

Download: INFOSEC 3 Guidance (PDF, 655.9 KB)

Access: INFOSEC3 Guidance

The South Australian Information Classification System (ICS) commenced on 1 December 2019. It is the information classification system all South Australian public sector agencies must use when assessing the confidentiality, integrity and availability of their information assets to ensure appropriate classification, protective markings and handling requirements are assigned.

The ICS replaces the classifications previously outlined in the Information Security Management Framework (ISMF).

The ICS is based upon the Commonwealth Government’s sensitive and classified information requirements under the Protective Security Policy Framework (PSPF) with some modifications to suit the South Australian context.

South Australian Information Classification System overview (PDF, 226.7 KB)