What are the information security policies?

The Queensland Government Information security policy

The Queensland Government has an overarching Information security policy (IS18:2018). It was approved on 13 December 2017 by the Queensland Government Chief Information Officer. Agencies are now required to follow this policy.

It sets out the five policy requirements on agencies and identifies high level minimum security requirements.

Information security policy (IS18:2018) reporting due 30 October 2019

The Information security annual return for the period 1 July 2018 to 30 June 2019 has now been released. To assist agencies in completing their reports a frequently asked questions page has been developed.

Annual returns are to be sent to qgcio@qgcio.qld.gov.au by 30 October 2019. If your agency is unable to make the deadline, please refer to the QGEA exceptions process.

Understanding Information security policy (IS18:2018) applicability

If your organisation is unsure of their responsibilities under IS18:2018, see the Applicability of the QGEA and QGEA and government bodies under the FPMS.

The Cyber Security Unit has created a list of entities directed to comply with the Information security policy (IS18:2018).

Policy and standards under the information security policy

The information security policy also refers to a number of other policies which place mandatory security requirements on agencies

Information security guidelines

The Queensland Government produces many guidelines to assist agencies meet the requirements of the Information Security Policy.

Please go to - How should I secure my information?


Last Reviewed: 03 August 2017