2.1 Information security

The Ministerial Information Security Policy (the Policy) sets out the security requirements that users accessing services through the ministerial network need to be aware of and comply with. The Policy includes information on the use of Internet, email and social media.

Use of IT systems must be able to withstand public scrutiny and comply with applicable laws, regulations and guidelines.

All users have a responsibility to be ethical and efficient in their use of IT systems. Use of the IT systems may be monitored.

Email and internet use

A ministerial email account is provided for ministerial portfolio-related business, which is business and activities associated with any of the Minister’s portfolio responsibilities as detailed in the relevant Administrative Arrangements Order.

Users must ensure all ministerial portfolio-related business is conducted only through their ministerial email account. This is the only approved email system for use for ministerial portfolio-related business. Controls are put in place to maintain the confidentiality, integrity and availability of the system.

If a communication is received in a private email account that relates to ministerial portfolio-related business it must be forwarded from the private email account to the official ministerial email account within 20 days of receipt of the email. If a response is required, a ministerial email account should be used to respond.

Messaging applications

Messaging applications such as Facebook Messenger, SnapChat, Wickr Me and WhatsApp should not be used for ministerial portfolio-related business.

Mobile devices

The standard for smart phones/tablets supported on the network is approved by the Office of the Premier.

Privately owned devices (sometimes known as BYO) will only be connected to the ministerial network if approved by the Minister or relevant Chief of Staff. Those using approved privately owned devices must sign a BYO policy document. Approved devices are managed via the ministerial mobile device management software. Unapproved devices will be seen as a breach to ministerial network security and will be disabled.

Data usage on ministerial-issued devices (including approved privately owned devices) should be monitored closely, as Ministerial Services will not reimburse costs for excessive data usage.

Smart phones/tablets can contain sensitive information. A lost device (including approved privately owned devices) must be reported immediately to the Ministerial Services IT Service Desk who can remotely disable and securely erase the device.

Users travelling overseas with ministerial issued devices must contact Ministerial Services to ensure the appropriate actions have taken place to protect information and avoid hefty international roaming charges on either work provided or personal devices.