Outcome

Each South Australian Government agency is responsible for maintaining the confidentiality, integrity and availability of all official information.

To support agencies to achieve this outcome, the SAPSF includes three Information Security (INFOSEC) policies, each comprised of one core requirement and varying number of supporting requirements.

Note: Agencies are reminded of the changes made to information classification that were approved in November 2019. All agencies are required to transition to the new South Australian Information Classification System (ICS) by 1 December 2020. The Information Security (INFOSEC) policies that accompanied the ICS are now incorporated into the SAPSF.

INFOSEC1: Protecting official information

Core requirement: Protect the agency’s information against compromise

This policy ensures all South Australian Government agencies protect their information assets from compromise. It outlines the South Australian Information Classification System (ICS) and associated guidance which all agencies must use to protect the confidentiality, integrity and availability of all official information.

Learn more.

INFOSEC2: Accessing official information

Core requirement: Ensure official information is available to those who need it

This policy ensures all South Australian Government agencies provide timely, reliable and appropriate access to official information to assist in facilitating efficient and effective delivery of government services.

Learn more.

INFOSEC3: Robust ICT and cyber security

Core requirement: Safeguard ICT systems from compromise to ensure confidentiality, integrity and availability of official information is maintained

This policy describes how all South Australian Government agencies can safeguard their information and communication technology (ICT) systems to ensure the confidentiality, integrity and availability of official information, by applying the policies of the South Australian Cyber Security Framework (SACSF).

Learn more.

South Australian Information Classification System

The South Australian Information Classification System (ICS) commenced on 1 December 2019. It is the information classification system all South Australian public sector agencies must use when assessing the confidentiality, integrity and availability of their information assets to ensure appropriate classification, protective markings and handling requirements are assigned.

All agencies must be fully transitioned to the ICS by 1 December 2020.

Learn more.