On this page

Next

SACSF Introduction, Scope and Implementation Approach

Governance

Information Security

Personnel

Principle:

Ensure employees and contractors are suitable to access South Australian Government resources and meet an appropriate standard of integrity and honesty.

Supporting requirements: Agencies must implement the personnel security principles of the South Australian Protective Security Framework (SAPSF).

3.1: Personnel Security Lifecycle

Agencies must assess the suitability of new and existing personnel in alignment with the classification of information to be accessed during employment.

Separating personnel must be made aware of their ongoing cyber security obligations.

Tier One Requirements:

  • Background verification checks on all candidates for employment are performed in accordance with relevant laws, regulations, and ethics, and shall be proportional to the business requirements, the classification of the information to be accessed and assessed risks.
  • Agencies assess and manage the ongoing suitability of their personnel in relation to the information accessed as part of their role.
  • Separating personnel are made aware of their ongoing cyber security obligations, and have their access to agency resources withdrawn, per user access management processes.

Tier Two Requirements:

As above

Tier Three Requirements:

As above

Tier Four Requirements:

As above

Physical

Principle:

Provide a safe and secure physical environment for people, information, and assets.

Supporting requirements: Agencies must implement the physical security principles of the South Australian Protective Security Framework (SAPSF).

4.1: Physical Security

Protective security must be integrated in the process of planning, selecting, designing, and modifying agency facilities for the protection of people, information and physical assets.

Tier One Requirements:

  • Physical security measures are in place to protect agency physical assets including people, information and facilities based on the classification of the information that they are approved for processing, storing, or communicating.

Tier Two Requirements:

As above

Tier Three Requirements:

As above

Tier Four Requirements:

As above