Information Security Compliance
Organisations can be required to comply with specified standards as a result of legislative requirements, contractual requirements or to prove to customers than they have attained a certain level of information security. In all these situations, being guided in the process of achieving compliance will result in achieving the goal in a shorter timeframe, ultimately saving the organisation money.
Privacy Act / Australian Privacy Principles
The Privacy Act, and its Australian Privacy Principles, ensures that organisations collect, store and process personal information in a way that protects the privacy of clients. All organisation that collect personal information, including health information, must be compliant with the Privacy Act.
All organisations that deal with payment card information must comply with PCI DSS, from banks to small stores to eCommerce websites. Failure to be compliant can result in fines or removal of card processing capability therefore it is essential to understand the compliance requirements of PCI DSS.
ISO27001 is the most well-known and recognised standard for designing an information security management system to ensure information security is implemented and maintained. Compliance with ISO27001 assures customers that an organisation is handling their information in a secure and responsible manner.
ISM / IRAP
The ISM continues to apply to Australian government agencies and organisations but is now increasingly a requirement for commercial organisations that conduct business with government and defence. Endorsed IRAP assessors are qualified to assess an organisation against the ISM, provide advice on remediation and certify systems.
NSW Government DISP
Compliance with the NSW Government DISP is a requirement for all NSW Public Service Agencies and Shared Service Providers however it is also recommended for State Owned Corporates, local councils and universities. All of these organisations must maintain good information security to maintain public confidence in their operations.