IS18 Support

  • PDF


The 2017 Information Security Compliance Checklist (XLSX) (135.01 KB)  is to be completed and returned to This email address is being protected from spambots. You need JavaScript enabled to view it. by 30 October 2017.

For information on previous years compliance checklists, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.


Policy and standards
Information Standard 18: Information Security (IS18)
IS18 implementation guideline
Information security policy - mandatory clauses
Information security compliance checklist
Queensland Government Information Security Controls Standard (QGISCS)
Information security incident reporting standard
Information security incident reporting spreadsheet
ICT-as-a-service offshore data storage and processing policy


Network Transmission Security Assurance Framework (NTSAF)
Queensland Government Authentication Framework
  QGAF automated spreadsheet (requires macros to be
     enabled) (XLS, 149KB)
  QGAF authentication concepts (DOC, 591KB)
  QGAF case studies (DOC, 230KB)
  QGAF identity and registration concepts (DOC, 548KB)
Queensland Government Information Security Classification Framework (QGISCF)
Queensland Government Information Security Policy Framework (QGISPF)


Email disclaimer guideline
ICT asset disaster recovery planning guideline
ICT infrastructure change management guideline
Information security external party governance guideline
Information security incident category guideline
Information security incident management guideline
Information security internal governance guideline
Patch management guideline
Deployment of intrusion detection and prevention systems guideline
Web application security testing guideline
Reducing password frustration for Queensland Public Servants (Queensland Government employees only)

IS18 guidance material 

Please note: Some of the links on this page lead to sites not operated by this Department. The Department takes no responsibility for the content of these sites, nor does it endorse any opinions, advice or commercial goods or services that they might promote or contain.

Reference documents
Public Records Act 2002 (Qld)
Right to Information Act 2009 (Qld)
Protective Security Policy Framework (PSPF) - Australian Government 
Information Security Manual (ISM) - Australian Government 
Guide for General Security planning (QPS/DPC) (Queensland Government employees only)


Reference sites
Queensland Government Legislation
Government Information Technology Contracting Framework (GITC)
Standards Australia
Defence Signals Directorate - Technical information for mitigating targeted cyber intrusions
Office of the Information Commissioner (Transfering of personal information out of Australia)


 Template - Agency Information Security Policy – Example 2 (DOC, 216 kB)
 Template – Agency Information Security Policy – Example 3 (DOC, 53 kB)
 Template - Human Resource Security Policy – Example 1 (DOC, 43 kB)
 Template – Physical Security Policy – Example 1 (DOC, 43 kB)
 Template – Operational Management Security Policy – Example 1 (DOC, 49 kB)
 Template – Systems Development and Maintenance Policy – Example 1 (DOC, 42 kB)
 Template – Security Plan – Example 1 (DOC, 43 kB)
 Template – Access Control Policy – Example 1 (DOC, 45 kB)