🤖 Ready for Sovereignty 2026: Australian Insights Report. Get your copy
MarketplaceCybersecurityIS18
CybersecurityGuideline

IS18

Information and Cyber Security Policy (IS18)

The Information and Cyber Security Policy (IS18) is a policy framework established by the Queensland Government to enhance information security and organizational resilience. It mandates the implementation of ISO 27001-based ISMS, systematic risk management, and compliance with the Australian Signals Directorate's Essential Eight Strategies for all Queensland Government agencies.

Book your strategy callView source ↗

Overview

The IS18 is a mandatory policy for Queensland Government agencies aimed at ensuring a consistent, risk-based approach to information and cyber security. Agencies must implement an Information Security Management System (ISMS) aligned with ISO 27001, manage risks systematically, and meet defined minimum security requirements including compliance with the Essential Eight Strategies. The policy also requires annual security assurance attestations by accountable officers and incident reporting to the Queensland Government Cyber Security Unit. The scope covers all information systems, applications, technologies, and their associated risks, with guidance on operational technology and supply chain management. By adopting IS18, the government aims to align with international standards, reduce cybersecurity risks, and improve resilience.

Related in Cybersecurity

CybersecurityStandard

ISM CCM — Information Security Manual Cloud Controls Matrix Template

The Cloud Controls Matrix (CCM) Template is a comprehensive framework for mapping cloud security controls to industry standards and compliance requirements. It helps organizations assess, implement, and demonstrate effective cloud security practices across diverse environments.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

ISM SSP — Information Security Manual System Security Plan Annex Template

The System Security Plan (SSP) Annex Template is a structured document used to capture detailed information about an organization’s cyber security controls and implementation. It supports accreditation processes by providing evidence of compliance, risk management, and system-specific security measures.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

RFFR ISM SoA — Right Fit for Risk Information Security Manual Statement of Applicability

The Right Fit for Risk (RFFR) Statement of Applicability (SoA) is a structured template used to document how organizations meet cyber security accreditation requirements. It outlines applicable controls, their implementation status, and provides assurance of compliance with the RFFR framework.

Australian Government • Australia • vJune 2026

View details
CybersecurityRegulation

ISM — Information Security Manual

The Australian ISM is the nationally recognized cybersecurity framework developed by the Australian Signals Directorate. It provides organizations with structured guidance to safeguard information and operational technology systems against evolving cyber threats.

Australian Government • Australia • vJune 2026

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call