Queensland Government Enterprise Architecture (QGEA)

QGEA Reporting requirements

Some Queensland Government Enterprise Architecture (QGEA) policies contain reporting requirements. These are clearly noted in each policy.

Generally, reporting will only apply to departments, and to government bodies in scope of specific policies with broader applicability. See How to apply the QGEA for more.

Policy name

Requirement

Date

Digital community engagement policy

Departments must notify Queensland Online about new engagements and engagement findings reports to ensure publishing on the central listing and to close the engagement loop.

Email getinvolved@smartservice.qld.gov.au about new engagements and findings.

As known.

ICT resources strategic planning policy

  • The reporting requirements submitted as per the current QGEA ICT profiling standard (government log-in required)
  • The draft or endorsed ICT initiatives and activities submitted as part of their work plan and as per the current QGEA ICT profiling standard (government log-in required).

As per ICT profiling standard

ICT SME participation scheme policy

Departments must report awards made to Small to Medium Enterprises (SMEs) under the SME Access incentive in the ICT industry providing innovative solutions up to the value of $500,000 (inclusive of GST). To assess the benefits of this change to the SME Scheme the following information is required:

  • Date of award
  • Total value of award
  • SME status
  • Overview of the solution
  • Key business benefit of the delivered solution

Quarterly - March, June, September, December

Information governance policy

Provide the department’s or Queensland Government ICT service provider’s draft or endorsed information management initiatives.

For further information please see the QGEA ICT profiling standard (government log-in required) and the Work plan template.

Supporting guidance is available in Information security requirements and responsibilities and the Information management work plan guideline.

31 July every year

Information and cyber security policy (IS18)

For each financial year ending 30 June, agencies must submit to the Queensland Government Cyber Security Unit (CSU) an Information security annual return that has been endorsed by the agency’s accountable officer.

Annually at 30 September

Agencies must engage with the CSU at the earliest opportunity to report applicable incidents in the format and timeframes defined in the Information Security Incident reporting standard.

The QGCSU encourages all Queensland Government entities (including local government) to report incidents at the earliest opportunity to the CSU to enable support and the sharing of timely threat intelligence.

 Ongoing
Last updated:
9 September 2025