Information security policy - IS18 mandatory clauses


This Queensland Government Information Security Policy – Mandatory Clauses document (‘this document’) details the mandatory clauses which must be included in agency’s Information Security Policy as per the requirements of Information Standard 18: Information Security (IS18). In addition, this document also provides context to the mandatory clauses by structuring them within an example information security policy, with additional guidance provided on other issues which agencies may wish to consider when developing their policies. An agency’s information security policy provides a governance for information security management, direction and support within the agency. The development and approval of an agency’s information security policy not only establishes management commitment and governance arrangements, but defines the agency’s policy in all aspects of information security, including asset management, human resource management and compliance.

DocumentIS18 Mandatory Clauses (DOC, 952.5 KB)
IS18 Mandatory Clauses (PDF, 688.71 KB)
Document typePolicy
VersionFinal v1.0.1
Approved dateNovember 2010
Last updatedFebruary 2012
Security classificationPublic

Last Reviewed: 18 August 2017