If you’re part of a New South Wales Government Agency or Statutory Body, then ‘DISP’ is an acronym that will already be very familiar to you. Announced by the Premier of NSW in 2012, the Digital Information Security Policy (DISP) is a subset of the international ISO27001 ‘Information Security Management’ Standard and has been put in place to ensure a minimal level of Information Security is upheld across the NSW State Government.
If you are struggling to assess or accurately report your ‘attestation’ to DISP, the starting point is to break DISP down into six (6) Core DISP Requirements:
- Core Requirement 1 – Information Security Management System
- Core Requirement 2 – Compliance with Minimum Controls
- Core Requirement 3 – Certified Compliance with AS/NZS ISO/IEC 27001
- Core Requirement 4 – Community of Practice
- Core Requirement 5 – Compliance Attestation
- Core Requirement 6 – Implementation Progress Report