Protecting customer and Government data

As a custodian of NSW Government Agency and customer data, Government Technology Platforms (GTP) takes information security seriously. We know that strong controls are vital to protecting the data of our people and businesses, and to ensuring trust in government services.

Information security and privacy is at the heart of everything we do. We have robust policies and procedures in place which help us meet our legal and regulatory requirements in respect of information security, cyber security, privacy, and payment card industry security.

ISMS (Information Security Management System)

We have an established Information Security Management System (ISMS), which since 2019 has been externally certified as meeting the requirements of ISO27001:2013. An ISMS provides a systematic approach for managing all aspects of information security, including people, processes, and technology.

Cyber Security

GTP, as part of DCS (Department of Customer Service) (Department of Customer Service) is prepared to deal with a wide range of Cybersecurity challenges and is continuously improving standards to meet and exceed the levels required of government.

Privacy

The Department of Customer Service Privacy Management Plan outlines how we manage personal and health information in accordance with NSW privacy laws.

PCI DSS (Payment Card Industry Data Security Standard) Compliance

GTP provide a suite of PCI Compliant Payment products that are PCI Compliant by Design and can help reduce your compliance overhead.

Our products are Attested to Level 1 Merchant Category annually. Speak to our Compliance Manager (PCI Specialist) for guidance on how you can best use these products to achieve full PCI Compliance for your department GTPpci@customerservice.nsw.gov.au

Our continued commitment towards better security

The GTP leadership team supports continuous improvement through:

• Significant recruitment across our Security Operations and Information Security teams, bringing increased capacity and specialised capabilities in domains including ISMS, PCI-DSS, Privacy, Risk Management, Infrastructure, Cloud and Web Applications
• Ensuring security considerations are a central part of GTP’s business goalsetting
• Focussed internal security & risk management operational and management committees, convening monthly
• Continuous improvement of our ISMS, including works underway to transform to the new ISO 27001:2022 standard
• New toolsets rolled out to help our developers identify potential vulnerabilities earlier in the product lifecycle, leading to faster and safer deployments
• Strengthening relationships with key external providers for specialised cyber security and privacy professional services
• Fostering security-first culture throughout our business and its people, with mandatory monthly cyber security awareness training for all employees

Our current state of maturity

We complete our annual attestation against the NSW Cyber Security Policy and throughout the year our environment is subject to multiple internal and external assessments, ensuring maximum adherence to the highest levels of security.

Agencies looking for further information about GTP’s information security practices can contact our security team at GTPinformationsecurity@customerservice.nsw.gov.au.