Information Security Policy – IS18:2018

The updating of IS18 has created an opportunity to re-energise information security policy in Queensland Government.  This opportunity allows a refocus on the importance of information security, how it is implemented, reporting considerations and focus change from current governance to agencies making informed risk decisions.

This page will be updated with the latest developments on the process of moving from IS18 to the new information security policy incorporating an ISMS based on ISO 27000.

New policy

The new information security policy (IS18:2018) was approved on 13 December 2017 by the Queensland Government Chief Information Officer. Departments will be required to follow the new policy from October 2018. Until then, the old IS18 policy will remain in force.

The IS18:2018 policy can be found here: Information Security policy

Supporting documents

Implementing a new policy does have challenges.  To assist agencies, supporting documents have been created.  If you believe additional documents are required, please email with your suggestions.

  • Draft SoA (security checklist)
  • Draft scope statement
  • Proposed implementation schedule
  • Draft implementation documents
  • Classification Policy template (DOCX, 67.51 KB)
  • Cyber Security Risk Appetite template (DOCX, 25.77 KB)
  • ISMS SOA template (XLSX, 416.8 KB)

Community of practice

A Community of Practice has been established to raise awareness of information security and share information, methods and tools to assist agencies in operating a standards based Information Security Management System (ISMS).

The Community of Practice uses sharepoint for communication.  If you wish to be involved, please follow this link: ISMS Community of Practice sharepoint

The Community of Practice meets monthly. Please contact for more information.

ISMS Implementation Training workshops

ISMS Implementation Training workshops were held in October and November 2017. The workshops were available to Queensland Government departments, and were funded by the QGCIO Cyber Security Unit to seed knowledge about ISMS’s.

Depending on demand, additional workshops may be held. If you are interested, please contact

Course material has been made freely available to Queensland Government to deliver future training:

ISO 27000 suite

ISO 27000 will play an important part in the new information security policy.  Important modules of the suite have been made available free of charge to Queensland Government departments.  To access the available modules, please click here.

Last Reviewed: 03 August 2017