Home
Contact
SA today
Do it online
Events
My account
Top 5
Licence disqualification & demerit points
Bus, train and tram timetables
Disability
Applying for a boat licence
Energy efficiency
Directories
Government
Departments
A to Z websites
Premier and Ministers
Community
Directory listing
Crisis helplines
Aboriginal support
Grants
Schools and services
Locate a school
My tags
Government
Government
Department of the Premier and Cabinet
Chief Information Officer
Office of the Chief Information Officer
About us - Office of the Chief Information Officer
What we do
Policies, standards and guidelines
Security
Key info
Structure
About us
Policies
Information Security Management Framework
(
PDF 3.2 MB
) (
DOCX 2.5 MB
)
The Information Security Management Framework (ISMF) addresses cyber security in the Government of South Australia, and consists of 40 policies supported by 140 standards. It is a business driven risk-based approach that is aligned with the
Australian Government Protective Security Policy Framework
and the 27001 international standard for information security management systems.
The ISMF applies to South Australian Government agencies and suppliers whose contractual requirements include it.
Supplementary standards
Additional standards issued as external ISMF publications are:
ISMF Standard 137 – Information Security Management
(
PDF 250 KB
) (
DOCX 3.2 MB
)
This standard supports legacy purchasing arrangements and contracts that are yet to be refreshed to reflect ISMF version 3. This standard makes it possible for such contracts to be relayed to the new framework.
ISMF Standard 138 - Privacy and confidentiality
(
PDF 250 KB
) (
DOCX 3.2 MB
)
Each agency must define ‘authorised access’ for all its data, for example, who has access, what authority is required and the level of access allowed. This information is contained in
Cabinet Circular Number 12
(Cabinet Administrative Instruction 1/89) titled Information Privacy Principles.
ISMF Standard 139 - Security in an outsourced environment
(
PDF 250 KB
) (
DOCX 3.2 MB
)
Contracts with external service providers must specify agency-approved information on security policies and procedures. Such contracts must contain provisions to indemnify the Government of South Australia and its agencies against the outcomes of violations to the policies and procedures.
ISMF Standard 140 - Notifiable incidents
(
PDF 280 KB
) (
DOCX 3.5 MB
)
Agencies and applicable suppliers must notify the Office of the Chief Information Officer about incidents which disrupt or have the potential to disrupt government information and communication technology services. A standalone version of the
incident report form
is also available by clicking
here
Guidelines and utilities to support ISMF implementation
The following guidelines and utilities assist agencies and applicable suppliers in adhering to the requirements of the ISMF:
ISMF Guideline 1 - Securing smart-phones and other portable storage devices
(
PDF 170 KB
) (
DOCX 780 KB
)
ISMF Guideline 2 - Personnel vetting and security clearances
(
PDF 200 KB
) (
DOCX 790 KB
)
ISMF Guideline 3 - Critical ICT
(
PDF 160 KB
) (
DOCX 785 KB
)
ISMF Guideline 4 - Developing cyber security standards, plans and guidelines
(
PDF 450 KB
) (
DOCX 2 MB
)
ISMF Guideline 5 - Reporting and reviewing security incidents
(
PDF 200 KB
) (
DOCX 1.5 MB
)
ISMF Guideline 6 - Home-based work and telecommuting
(
PDF 240 KB
) (
DOCX 1.5 MB
)
ISMF Guideline 7 - Departing personnel
(
PDF 200 KB
) (
DOCX 1.5 MB
)
ISMF Guideline 8 - Cloud computing
(
PDF 170 KB
) (
DOCX 5 MB
)
ISMF Guideline 9 - Cyber security in procurement activities
(
PDF 180 KB
) (
DOCX 800 KB
)
ISMF Guideline 10 - Transition guidance for agencies and suppliers
(
PDF 160 KB
) (
DOCX 785 KB
)
ISMF Guideline 11 - New classification scheme for confidentiality of information and associated assets
(
PDF 577 KB
) (
DOCX 827 KB
)
ISMF Guideline 12 - Legal, regulatory and contractual compliance requirements
(
PDF 200 KB
) (
DOCX 796 KB
)
ISMF Guideline 13 - Roles and responsibilities in establishing and maintaining an Information Security Management System
(
PDF 1.2 MB
) (
DOCX 846 KB
)
ISMS Statement of Applicability tool (for use with ISMF version 3.1)
(
XLS 565 KB
)
This spreadsheet will help scope and define the applicable policies, standards and controls from the ISMF for a given location, business function or ICT system. The spreadsheet can also be used to describe what standards and controls have been applied to a given environment during an ICT audit.
Further information
Security and Risk Assurance
Email:
DTEI.GovtICTSCIP@sa.gov.au
Related Tags:
government policy
,
policy
,
security
,
information security management framework
,
ismf
,
cyber security
,
ict security
Share