WA Digital Security Policy (DSP)
This download includes the WA Digital Security Policy requirements only, so there are no mapped questions. Use this download if you just want the provisions and want to create your own question set.
The WA Digital Security Policy (DSP) provides direction for Western Australian public sector agencies in adequately managing their digital security risks.
The Digital Security Policy has the objective of enabling agencies to better ensure the confidentiality, integrity and availability of their digital information. This objective will be achieved by agencies:
- integrating digital security governance within their overall corporate risk management practices;
- identifying their digital security risk exposure;
- incorporating appropriate controls that will enable them to treat those risks; and
- taking a managed, systematic approach.
The WA DSP includes 4 policy requirements and 114 digital security controls.
The requirements of the Digital Security Policy are as follows:
Policy Requirement One: Implement an Information Security Management System
- Agencies must implement a system for managing their information security risks.
- This ISMS must have the characteristics detailed in Policy Requirements Two, Three and Four.
- Agencies must ensure their ISMS is aligned with their broader risk management approach.
Policy Requirement Two: Governance and Accountability
- Agencies must establish governance that details decision rights, roles, and accountability for managing digital information security risks.
- Digital security must be linked to an agency’s risk and ICT governance frameworks to ensure a consistent approach to risk and the highest level of executive support.
Policy Requirement Three: Assess and Treat Security Risks
- Agencies must have a process that ensures assessment and appropriate treatment of digital security risks.
- Agencies must ensure they are aware of the relevant risks they face. Appropriate steps must be taken to provide protection and assurance that digital security risks are being efficiently and effectively managed within the agency risk appetite.
Policy Requirement Four: Continuous Improvement
- Agencies must ensure that digital security arrangements include formal mechanisms for continuous improvement.
- Digital security arrangements must be routinely monitored, reviewed and tested.
- Agencies must ensure that their risk management approach, and their digital security skills and capabilities, remain commensurate with a dynamic digital security threat environment.
Type: Laws or related obligations