Status and Details

Status and Details

This page contains information about the status, approval and implementation of this version of the document. It also contains information contact details for the subject matter expert.  To the right, a brief summary of the changes between this and the previous version is provided.

Information Security Policy

Show Field Notes
Status Current Indicates if this version of the document is in effect (Current), yet to come into effect (Future), or expired (Historic).
Effective Date 9th June 2022 This is the date on which this version of the document came into effect.
Review Date 9th June 2024 The next review of this document is scheduled to commence on this date.
Approval Authority Chief Operating Officer The noted authority approved this is version of the document.
Approval Date 30th May 2022 This is the date on which this version of the document was approved by the authorised authority.
Expiry Date Not Applicable This is the date on which this version expires. It may still apply, conditionally, after this date.
Responsible Executive Anthony Molinia
Chief Digital & Information Officer
+61 49138713
This is the senior officer with responsibility for the document.
Enquiries Contact Information Security Team General enquiries should be directed to the officer/area listed.

Summary of Changes from Previous Version

8 April 2024:  Added reference to Staff Code of Conduct. Approved as administrative amendment, University Secretary.


13 February 2024: Amendment to clause 46. Approved as administrative amendment, University Secretary.


10 October 2022:  Associate Director, Enablement amended to Associate Director, Cyber Security and ITGCR. Approved as administrative amendment, University Secretary.


The Information Security Policy is structured and aligned to the industry standard ISO27002 control groups. As the ISO standard remains unchanged, there has been no requirement to make wholesale changes to the Policy document. All revisions are minor in nature, aimed at ensuring that all clauses are specific and unambiguous. A new clause 8 has been added to ensure that the definition of controls are primarily aligned to the Australian Government's Information Security Manual (ISM). Whilst the definition of controls has been aligned to the ISM for some time, it has been done by convention rather than as a Policy recommendation.



Clauses Amended:Policy/Schedule: 2,6, 7-9, 11, 15, 21, 28, 32, 44- 45, 50


 




07/07/2023: Position name changed from Chief Information Officer (CIO) to Chief Digital & Information Officer (CDIO)