The South Australian Cyber Security Framework (SACSF) ensures cyber security is well managed in each South Australian Government agency. The SACSF also provides flexibility in the way agencies address the policies within it. Agencies may still need to refer to the previous version of the SACSF for transition and attestation purposes.

The SACSF applies to South Australian public sector agencies as defined by the Public Sector Act 2009.  The SACSF consists of 18 policy statements underpinning the four principles of: Governance, Information Security, Personnel Security, and Physical Security. Agencies must address each policy statement during implementation. Requirements are tiered across four levels , with each level adding more stringent controls commensurate with the risk exposure. The SACSF policies and requirements can be accessed using the tiles below:

SACSF standards and rulings are specific applications of security policy that must be adhered to by all agencies.

These guidelines provide detailed implementation advice on specific SACSF requirements aligned with industry standards. The individual requirements of agencies will determine how each guideline is used and what actions are needed to manage risks.

The Cyber Security Program Guide supports agencies to effectively implement the SACSF and manage cyber security risks against the agency’s services.

A range of templates are available to assist with cyber security planning, as well as other resources (guides, templates and tools) to enhance cyber security practices and build capacity in areas such as risk management, incident response, awareness and training. To access these templates, please click here.

Further reading

A number of across government cyber-related policies and guidelines can be found on the Department of Treasury and Finance website, by visiting ⁠Policies and guidelines.