Queensland Government authentication framework (QGAF) Framework | November 2010–current CurrentMandated The purpose of the Queensland Government Authentication Framework (QGAF) is to provide a framework for agencies to use when determining authentication requirements
Information security classification framework (QGISCF) Framework | November 2024–current CurrentMandated The Queensland Government information security classification framework (QGISCF) sets the minimum requirements for information asset security classification
Data encryption standard Standard | March 2025–current CurrentMandated The Data encryption standard outlines the minimum requirements for encryption and management of encrypted, Queensland Government owned data (in use, in transit, and at rest).
Information and cyber security policy (IS18) Policy | February 2025–current CurrentMandated Identifying and managing risks to information, applications and technologies, through their lifecycle, using Information Security Management Systems. Requirements Agencies must implement an ISMS based on ISO 27001. Agencies must apply a systematic and repeatable approach to security risk management. Agencies must meet minimum information security requirements . Accountable officers must obtain security assurance for systems. Accountable officers must attest to the appropriateness of agency information security.
Information security incident reporting standard Standard | September 2024–current CurrentMandated The Information security incident reporting standard was developed to provide agencies advice in meeting their information security incident reporting requirements under the Information security policy (IS18).
Executive guide to security incident management Guideline | October 2017–current CurrentNon-mandated This short guideline aims to assist senior executives during the information security incident management cycle.
IS18 applicability, exceptions and departures guideline Guideline | January 2025–current CurrentNon-mandated This guideline provides guidance on the applicability of IS18 for all government entities.
ICT-as-a-service security assurance guideline Guideline | June 2016–current CurrentNon-mandated This document provides information and advice to support Queensland Government agencies in gaining adequate assurance of planned cloud and ICT as-a-service offerings through the evaluation, service integration design, contract and procurement activities.
Vulnerability disclosure guideline Guideline | June 2020–current CurrentNon-mandated To assist departments in managing vulnerability risks discovered by individuals.
ICT asset disaster recovery planning guideline Guideline | November 2010–current CurrentNon-mandated This guideline has been developed for agencies to use when documenting their ICT asset disaster recovery (DR) arrangements