Adhere to cyber security policy

Minimum you need to do

Adhere to the NSW Cyber Security Policy

Mandatory requirements and reporting

The NSW Cyber Security Policy sets out the mandatory requirements for NSW Government departments and agencies to manage cyber security risks to their information and systems.  

It is mandatory for NSW Government agencies to report back to the NSW Cyber Security team on how they have adhered to the requirements in the policy.  

You should engage your agency or cluster information management and cyber security team early on in your design process. Work with them to help you meet your agency reporting obligations. 

Identify and report ‘crown jewels’

All NSW Government agencies have their own process to identify ‘crown jewels’. Speak to your agency or department cyber security team at the outset to identify whether your system and/or data is a ‘crown jewel’. 

‘Crown jewels’ are ‘the most valuable or operationally vital systems or information in an organisation’.  
NSW Cyber Security Policy 

You must cover all ‘crown jewels’ under an Information Security Management System (ISMS) or Cyber Security Management System (CSMS). Your agency will need to report it to Cyber Security NSW. 

How to show you have adhered to cyber security policy

You will have:

  • engaged your agency or department security and information team at the outset 

  • complied with all mandatory reporting requirements in the NSW Cyber Security Policy. 
