⚙️Build trust faster with streamlined custody and AI-driven assurance. Register now
MarketplaceCybersecurity
CybersecurityGuidelineIn 6clicks App

IS18Information and Cyber Security Policy (IS18)

The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.

Talk to a GRC ExpertView source ↗
The IS18 is a mandatory policy for Queensland Government agencies aimed at ensuring a consistent, risk-based approach to information and cyber security. Agencies must implement an Information Security Management System (ISMS) aligned with ISO 27001, manage risks systematically, and meet defined minimum security requirements including compliance with the Essential Eight Strategies. The policy also requires annual security assurance attestations by accountable officers and incident reporting to the Queensland Government Cyber Security Unit. The scope covers all information systems, applications, technologies, and their associated risks, with guidance on operational technology and supply chain management. By adopting IS18, the government aims to align with international standards, reduce cybersecurity risks, and improve resilience.
#information security#iso 27001#essential eight#risk management#cyber resilience#government

Related in Cybersecurity

CybersecurityGuidelineIn 6clicks App

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

Issuer
US Department of Homeland Security (DHS)
Jurisdiction
United States
Version
2
Updated
Apr 2023
View detailszero trust · cybersecurity
CybersecurityGuidelineIn 6clicks App

Guidelines on ICT and Security Risk Management

The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.

Issuer
European Banking Authority (EBA)
Jurisdiction
European Union
Version
2025 update
Updated
Jul 2025
View detailsict risk · security management
CybersecurityFrameworkIn 6clicks App

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

Issuer
U.S. Department of Energy
Jurisdiction
United States
Version
2.1
Updated
Jun 2022
View detailscybersecurity · maturity model