Skip links and keyboard navigation

Restrictions on the use of artificial intelligence (AI) platform DeepSeek on government provided devices are now in place.

Read the policy

QGEA directions and guidance

Search all QGEA policies and standards

Search

Reset

Displaying search results 1 - 10 of 220

Data encryption standard

Standard | June 2019–current
CurrentMandated

The Data encryption standard outlines the minimum requirements for encryption and management of encrypted, Queensland Government owned data (in use, in transit, and at rest).

Information and cyber security policy (IS18)

Policy | February 2025–current
CurrentMandated

Identifying and managing risks to information, applications and technologies, through their lifecycle, using Information Security Management Systems.

Requirements

  1. Agencies must implement an ISMS based on ISO 27001.
  2. Agencies must apply a systematic and repeatable approach to security risk management.
  3. Agencies must meet minimum information security requirements .
  4. Accountable officers must obtain security assurance for systems.
  5. Accountable officers must attest to the appropriateness of agency information security.

Metadata management principles

Principle | March 2019–current
CurrentMandated

This document provides guidance on metadata management for those departments that currently produce, collect, manage, store, publish or share information.

Artificial intelligence governance policy

Policy | September 2024–current
CurrentMandated

Ensuring agency strategic planning for AI demonstrates a structured and consistent approach when evaluating AI solutions for transparency, accountability, and risk.

Requirements

  1. Agencies must use a consistent and evidence-based process which incorporates an ethical framework to evaluate their transparency, accountability, and risk associated with the AI lifecycle.
  2. Agencies must establish AI governance arrangements based on ISO 38507.

Software asset management policy

Policy | March 2010–current
CurrentMandated

This policy states the Queensland Government’s direction in regards to Software Asset Management of all third-party software licences and associated electronic media purchased by agencies.

Requirements

  1. Agencies must develop and implement a software asset management policy and associated procedures.
  2. Agencies must implement registers and processes to monitor, record and manage software licence use.
  3. The State of Queensland will be the owner of all software licences.

ICT resources strategic planning policy

Policy | November 2023–current
CurrentMandated

Ensuring ICT resources strategic planning is supported by a structured and consistent approach for managing current ICT assets and planning for current and future investments.

Requirements

  1. Departments must use a consistent and evidence based approach for ICT resources strategic planning..
  2. Departments must establish ICT governance arrangements with reference to ISO 38500.

Portfolio, program and project management and assurance policy

Policy | June 2024–current
CurrentMandated

The adoption of portfolio, program and project management strengthens governance and assurance practices of digital and ICT-enabled initiatives which improves the successful delivery of public services across Queensland Government.

Requirements

  1. Effective and consistent portfolio, program and project management.
  2. Structured, effective and consistent portfolio, program and project assurance.
  3. Structured, effective and consistent portfolio, program and/or project office model.

Information management strategic framework

Framework | June 2012–current
CurrentMandated

This document sets the overall direction for the Queensland Government's information management practice. It seeks to ensure that in all aspects of our work we apply the fundamental principles, quality assurance, and life cycle management policies inherent in good information management.