Useful Links

NSW Government

State Owned Corporations Act 1989 (https://www.legislation.nsw.gov.au/#/view/act/1989/134)

State Records Act 1998 (https://www.legislation.nsw.gov.au/#/view/act/1998/17)

Privacy and Personal Information Protection Act 1998 (https://www.legislation.nsw.gov.au/#/view/act/1998/133)

Health Records and Information Privacy Act 2002 (https://www.legislation.nsw.gov.au/#/view/act/2002/71)

Government Information (Public Access) Act 2009 (https://www.legislation.nsw.gov.au/#/view/act/2009/52)

Government Sector Employment Act 2013 (https://legislation.nsw.gov.au/#/view/act/2013/40)

Data Sharing (Government Sector) Act 2015 (https://www.legislation.nsw.gov.au/#/view/act/2015/60/full)

The NSW State Infrastructure Strategy 2018-2038 (https://www.nsw.gov.au/improving-nsw/projects-and-initiatives/nsw-state-infrastructure-strategy/)

NSW Government Cyber Incident Emergency Sub Plan (https://www.emergency.nsw.gov.au/Documents/plans/sub-plans/cyber-security-incident-sub-plan.pdf)

Department of Customer Service

NSW Government Information Classification Guidelines (https://www.digital.nsw.gov.au/policy/managing-data-information/information-classification-handling-and-labeling-guidelines)

NSW Government Cyber Security Strategy (https://www.digital.nsw.gov.au/sites/default/files/NSW%20Cyber%20Security%20Strategy%202018.pdf)

NSW Cyber Security Policy (/sites/default/files/NSW%20Cyber%20Security%20Policy%202020%20v3.0.pdf)

Managing data and information, 2013 (https://www.digital.nsw.gov.au/support-services/data-information/managing-data-information)

Information and Privacy Commission NSW

Guidance on Data Breaches, May 2018 (https://www.ipc.nsw.gov.au/data-breach-guidance)

NSW Audit Office

Detecting and responding to cyber security incidents (https://www.audit.nsw.gov.au/publications/latest-reports/detecting-and-responding-to-cyber-security-incidents)

NSW Treasury

Risk management toolkit (https://www.treasury.nsw.gov.au/information-public-entities/governance-risk-and-assurance/internal-audit-and-risk-management/risk)

State Archives and Records Authority of NSW

Standard on Records Management, 2018 (https://www.records.nsw.gov.au/recordkeeping/rules/standards/records-management)

Using cloud computing services: implications for information and records management, 2015 (https://www.records.nsw.gov.au/recordkeeping/advice/using-cloud-computing-services)

Storage of State records with service providers outside of NSW, 2015 (https://www.records.nsw.gov.au/recordkeeping/advice/storage-and-preservation/service-providers-outside-nsw)

Australian Government – Home Affairs

Security of Critical Infrastructure Act 2018 (https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/security-coordination/security-of-critical-infrastructure-act-2018)

Australia’s Cyber Security Strategy, 2016 (https://cybersecuritystrategy.homeaffairs.gov.au/)

Australian Government - Attorney-General’s Department

The Protective Security Policy Framework (https://www.protectivesecurity.gov.au/Pages/default.aspx)

Relevant Australian and international standards (https://www.protectivesecurity.gov.au/resou rces/Pages/relevant-australian-and-international-standards.aspx)

Australian Government - Australian Signals Directorate

Information Security Manual (https://acsc.gov.au/infosec/ism/)

Australian Government – Office of the Australian Information Commissioner

Australian privacy Principles guidelines, 2014 (https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/)

International Organization for Standardization

ISO 22301 Societal Security – Business continuity management systems – Requirements (https://www.iso.org/standard/50038.html)

ISO 27031 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity (https://www.iso.org/standard/44374.html)

ISO 27032 Information technology – Security techniques – Guidelines for cybersecurity (https://www.iso.org/standard/44375.html)

National Institute of Standards and Technology

Framework for Improving Critical Infrastructure Cybersecurity (https://www.nist.gov/cyberframework)