Maintaining secure information and notifying us of information security incidents
Last published 15 Feb 2021
The obligations and requirements for service providers to maintain secure information and to notify us when an actual or suspected information security incident is detected. This policy applies to all electronic and physical data storage.
Your obligations for maintaining secure information
Your organisation holds private information about clients and families who access the services you deliver on our behalf.
You’re required to comply with the requirements of relevant Commonwealth and NSW legislation and policy, as well as the provisions of your contract with us, in relation to privacy, information management and your information and communications technology (ICT) systems.
We expect your organisation to establish, maintain, enforce and continually improve policies, procedures and safeguards to protect the personal and confidential data held in your electronic and physical files against unauthorised access, use, disclosure, destruction, loss and alteration. This includes ensuring your staff and governing body are aware of their obligations in relation to information security, and are aware of the resources available to assist you.
These obligations:
- are in addition to any specific provisions for privacy and information security that may be specified in your contract with us
- apply to any organisation you’ve subcontracted to fulfil part or all of the services we have contracted your organisation to deliver.