Information security


Keep your information security measures up to date

Your security measures are only effective if they reflect your actual assessed risks and you keep them up to date as risks and threats emerge. 

  • Document and maintain your operating procedures and make them available to all users who need them.
  • Maintain your user access control systems as people (including contractors and suppliers) join, change jobs, and leave the organisation, and when access controls are introduced or changed.
  • Protect your organisation’s ICT equipment from malware, including personal devices that have access your organisation’s information.
  • Apply security patches and updates regularly to ensure that your information is protected from identified and addressed security vulnerabilities.
  • Test your business continuity and disaster recovery plans when new processes, systems, and capability are introduced. Make sure your organisation is adequately prepared for a significant service interruption, attack or other serious security incident.


Page last modified: 4/05/2022