Maintaining secure information and notifying us of information security incidents

This page sets out the obligations and requirements for service providers to maintain secure information, and to notify us when an actual or suspected information security incident is detected. This policy applies to all electronic and physical data storage.

Your obligations for maintaining secure information

Your organisation holds private information about clients and families who access the services you deliver on our behalf.

You’re required to comply with the requirements of relevant Commonwealth and NSW legislation and policy, as well as the provisions of your contract with us, in relation to privacy, information management and your information and communications technology (ICT) systems.

We expect your organisation to establish, maintain, enforce and continually improve policies, procedures and safeguards to protect the personal and confidential data held in your electronic and physical files against unauthorised access, use, disclosure, destruction, loss and alteration. This includes ensuring your staff and governing body are aware of their obligations in relation to information security, and are aware of the resources available to assist you.

If your organisation detects an actual or suspected information security incident, you’re required to notify DCJ and keep us informed of progress until its resolution.

These requirements:

  • are in addition to any specific provisions for privacy and information security that may be specified in your contract with us
  • apply to any organisation you’ve subcontracted to fulfil part or all of the services we have contracted your organisation to deliver.
Last updated: 15 Feb 2021