Search all QGEA policies and standards

Search

Keywords

-- Leave empty --MandatedNon-mandated

Include non-mandated documents

-- Leave empty --CurrentSupersededRepealed

Include superseded and repealed documents

Category

Artificial intelligenceCustomer experienceCyber securityDigital capabilityDigital identityEmployee experienceInformationPlanning and investmentReference models

Document type

PolicyExampleFactsheetFrameworkGuidelineMethodologyPrincipleStandardStrategyTemplate

Reset

Sort by MandatedNameStatusRelevance

Displaying search results 1 - 10 of 25

Queensland Government authentication framework (QGAF)

Framework | November 2010–current

CurrentMandated

The purpose of the Queensland Government Authentication Framework (QGAF) is to provide a framework for agencies to use when determining authentication requirements

Information security policy (IS18:2018)

Policy | June 2019–current

CurrentMandated

Identifying and managing risks to information, applications and technologies, through their lifecycle, using Information Security Management Systems.

Requirements

1. Departments must implement an ISMS based on ISO 27001.
2. Departments must apply a systematic and repeatable approach to risk management.
3. Departments must meet minimum security requirements.
4. Departments accountable officers must obtain security assurance for systems.
5. Accountable officers must attest to the appropriateness of departmental information security.

Data encryption standard

Standard | June 2019–current

CurrentMandated

The Data encryption standard outlines the minimum requirements for encryption and management of encrypted, Queensland Government owned data (in use, in transit, and at rest).

Information security classification framework (QGISCF)

Framework | November 2024–current

CurrentMandated

The Queensland Government information security classification framework (QGISCF) sets the minimum requirements for information asset security classification

Information security incident reporting standard

Standard | September 2024–current

CurrentMandated

The Information security incident reporting standard was developed to provide agencies advice in meeting their information security incident reporting requirements under the Information security policy (IS18).

Use of TikTok application policy

Policy | April 2023–current

CurrentMandated

The purpose of this policy is to help departments manage the risks associated with the TikTok application and provide consistency with the federal government policy.

Requirements

1. Agencies must ensure that the TikTok application is not installed on any government-owned device.

Executive guide to security incident management

Guideline | October 2017–current

CurrentNon-mandated

This short guideline aims to assist senior executives during the information security incident management cycle.

QGAF templates

Template | August 2017–current

CurrentNon-mandated

Queensland Government Authentication Framework templates

Vulnerability disclosure guideline

Guideline | June 2020–current

CurrentNon-mandated

To assist departments in managing vulnerability risks discovered by individuals.

ICT asset disaster recovery planning guideline

Guideline | November 2010–current

CurrentNon-mandated

This guideline has been developed for agencies to use when documenting their ICT asset disaster recovery (DR) arrangements