Useful Links

NSW Government

State Owned Corporations Act 1989 (

State Records Act 1998 (

Privacy and Personal Information Protection Act 1998

Health Records and Information Privacy Act 2002 (

Government Information (Public Access) Act 2009 (

Government Sector Employment Act 2013

Data Sharing (Government Sector) Act 2015 (

The NSW State Infrastructure Strategy 2018-2038 (

NSW Government Cyber Incident Emergency Sub Plan (

Internal Audit and Risk Management Policy for the General Government Sector (TPP20-08)

Department of Customer Service

NSW Government Information Classification Guidelines (

NSW Government Cyber Security Strategy (

Managing data and information, 2013 (

DCS-2020-05 Cyber Security NSW directive – Practice Requirements for NSW Government

DCS-2021-02 NSW Cyber Security Policy

Information and Privacy Commission NSW

Guidance on Data Breaches, May 2018 (

NSW Audit Office

Detecting and responding to cyber security incidents

NSW Treasury

Risk management toolkit (

State Archives and Records Authority of NSW

Standard on Records Management, 2018 (

Using cloud computing services: implications for information and records management, 2015 (

Storage of State records with service providers outside of NSW, 2015 (

Australian Government – Home Affairs

Security of Critical Infrastructure Act 2018 (

Australia’s Cyber Security Strategy, 2020 (

Australian Government - Attorney-General’s Department

The Protective Security Policy Framework (

Relevant Australian and international standards ( rces/Pages/relevant-australian-and-international-standards.aspx)

Australian Government - Australian Signals Directorate

Information Security Manual (

Australian Government – Office of the Australian Information Commissioner

Australian privacy Principles guidelines, 2014 (

International Organization for Standardization

ISO 22301 Societal Security – Business continuity management systems – Requirements (

ISO 27031 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity (

ISO 27032 Information technology – Security techniques – Guidelines for cybersecurity (

National Institute of Standards and Technology

Framework for Improving Critical Infrastructure Cybersecurity (

New Zealand National Cyber Security Centre

Introduction: Cyber security governance

Step One: Building a culture of cyber resilience

Step Two: Establishing roles and responsibilities

Step Three: Holistic risk management

Step Four: Cyber security collaboration

Step Five: Create a cyber security programme

Step Six: Measuring resilience