Reports
Actions for Management of the Critical Communications Enhancement Program
Management of the Critical Communications Enhancement Program
Effective radio communications are crucial to NSW's emergency services organisations. The Critical Communications Enhancement Program (CCEP) aims to deliver an enhanced public safety radio network to serve the five emergency services organisations (ESOs), as well as a range of other users. This report assesses whether the NSW Telco Authority is effectively managing the CCEP. What we found Where it has already been delivered
Actions for Cyber Security NSW: governance, roles, and responsibilities
Cyber Security NSW: governance, roles, and responsibilities
Cyber Security NSW is part of the Department of Customer Service, and aims to provide the NSW Government with an integrated approach to preventing and responding to cyber security threats. This audit assessed the effectiveness of Cyber Security NSW's arrangements in contributing to the NSW Government's commitments under the NSW Cyber Security Strategy, in particular, increasing the NSW Government's cyber resiliency. The audit a
Actions for Compliance with the NSW Cyber Security Policy
Compliance with the NSW Cyber Security Policy
This audit assessed nine agencies’ compliance with the NSW Cyber Security Policy (CSP) including whether, during the year to 30 June 2020, the participating agencies: met their reporting obligations under the CSP reported accurate self-assessments of their level of maturity implementing the CSP’s requirements including the Australian Cyber Security Centre’s (ACSC) Essential 8. What we found Key elements to strengthen cybe
Actions for Managing cyber risks
Managing cyber risks
This audit assessed how effectively Transport for NSW (TfNSW) and Sydney Trains identify and manage their cyber security risks. The NSW Cyber Security Policy (CSP) sets out 25 mandatory requirements for agencies, including implementing the Australian Cyber Security Centre’s Essential 8 strategies to mitigate cyber security incidents, and identifying the agency’s most vital systems, their ‘crown jewels’. The audited agenc
Actions for Integrity of data in the Births, Deaths and Marriages Register
Integrity of data in the Births, Deaths and Marriages Register
This report outlines whether the Department of Customer Service (the department) has effective controls in place to ensure the integrity of data in the Births, Deaths and Marriages Register (the register), and to prevent unauthorised access and misuse. The audit found that the department has processes in place to ensure that the information entered in the register is accurate and that any changes to it are validated. Although there are controls in place
Actions for Electronic Information Security
Electronic Information Security
The Government is not able to provide assurance that it is safeguarding its holdings of sensitive personal information because its policy has not been properly implemented. This is likely to remain the case until there are clear, mandatory, minimum standards that agencies sign up to, and scrutiny of performance against these standards is strengthened. Parliamentary reference - Report number #207 - released 20 October 2010
Actions for Use of the internet and related technologies to improve public sector performance
Use of the internet and related technologies to improve public sector performance
Notwithstanding the considerable effort, it is not apparent that the Government's vision can be fully achieved without increased efforts. Based on the current position, to ensure that the Government's vision can be achieved the Audit Office is of the view that the following key issues need to be urgently addressed: more robust mechanisms are needed to monitor, review and report publicly on progress and benefits a greater emphasis sho