Search all QGEA policies and standards

Search

Keywords

-- Leave empty --MandatedNon-mandated

Include non-mandated documents

-- Leave empty --CurrentSupersededRepealedPreview

Include superseded and repealed documents

Category

Artificial intelligenceCustomer experienceCyber securityDigital capabilityDigital identityEmployee experienceInformationPlanning and investmentReference models

Document type

PolicyExampleFactsheetFrameworkGuidelineMethodologyPrincipleStandardStrategyTemplate

Reset

Sort by MandatedNameStatusRelevance

Displaying search results 1 - 10 of 28

Queensland Government authentication framework (QGAF)

Framework | November 2010–current

CurrentMandated

The purpose of the Queensland Government Authentication Framework (QGAF) is to provide a framework for agencies to use when determining authentication requirements

Information security classification framework (QGISCF)

Framework | November 2024–current

CurrentMandated

The Queensland Government information security classification framework (QGISCF) sets the minimum requirements for information asset security classification

Data encryption standard

Standard | March 2025–current

CurrentMandated

The Data encryption standard outlines the minimum requirements for encryption and management of encrypted, Queensland Government owned data (in use, in transit, and at rest).

Information and cyber security policy (IS18)

Policy | February 2025–current

CurrentMandated

Identifying and managing risks to information, applications and technologies, through their lifecycle, using Information Security Management Systems.

Requirements

1. Agencies must implement an ISMS based on ISO 27001.
2. Agencies must apply a systematic and repeatable approach to security risk management.
3. Agencies must meet minimum information security requirements .
4. Accountable officers must obtain security assurance for systems.
5. Accountable officers must attest to the appropriateness of agency information security.

Information security incident reporting standard

Standard | September 2024–current

CurrentMandated

The Information security incident reporting standard was developed to provide agencies advice in meeting their information security incident reporting requirements under the Information and cyber security policy (IS18).

Information security assurance and classification guideline

Guideline | July 2018–current

CurrentNon-mandated

Provides advice about the quantity and quality of information security assurance that is reasonable regarding the security of information at differing business impact levels.

IS18 applicability, exceptions and departures guideline

Guideline | January 2025–current

CurrentNon-mandated

This guideline provides guidance on the applicability of IS18 for all government entities.

Queensland Government cyber skills framework

Framework | June 2025–current

CurrentNon-mandated

The Cyber skills framework serves as a tool to assess, maintain and understand the skills, knowledge and attributes of the cyber workforce in the Queensland Government.

ICT-as-a-service security assurance guideline

Guideline | June 2016–current

CurrentNon-mandated

This document provides information and advice to support Queensland Government agencies in gaining adequate assurance of planned cloud and ICT as-a-service offerings through the evaluation, service integration design, contract and procurement activities.

Agency information security attestation statement example

Template | June 2025–current

CurrentNon-mandated

To assist agencies in their 2024-2025 Information and cyber security policy (IS18) reporting.