2.1 Information security

The Ministerial Information Security Policy (the Policy) sets out the security requirements for all users accessing services through the ministerial network. The Policy sets out the principles for the use of Ministerial Services internet, email and social media.

Use of IT systems must be able to withstand public scrutiny and comply with applicable laws, regulations and guidelines.

All users have a responsibility to be ethical and efficient in their use of IT systems. Use of the IT systems may be monitored.

Email and internet use

A ministerial email account is provided for ministerial portfolio-related business, which is business and activities associated with any of the Minister’s portfolio responsibilities as detailed in the relevant Administrative Arrangements Order.

Users must ensure all ministerial portfolio-related business is conducted only through their ministerial email account. This is the only approved email system for use for ministerial portfolio-related business. Controls are put in place to maintain the confidentiality, integrity and availability of the system.

If a communication is received in a private email account that relates to ministerial portfolio-related business it must be forwarded from the private email account to the official ministerial email account within 20 days of receipt of the email. If a response is required, a ministerial email account should be used to respond.

Social Media and Messaging Applications

Messaging applications such as Facebook Messenger, SnapChat, and Wickr Me should not be used for ministerial portfolio-related business. Ministers may use WhatsApp and Signal for ministerial portfolio-related business provided appropriate records are maintained in accordance with the Public Records Act 2002. The Director-General, Department of the Premier and Cabinet (in consultation with the Premier’s Office) may also approve use of messaging applications in exceptional circumstances.
See: Section 2.2 Ministerial Records

Consistent with the current Queensland Government Enterprise Architecture Use of TikTok Application Policy issued on 14 April 2023, the TikTok application must not be installed on any government-owned device unless there is an approved legitimate business reason.

Refer to the Ministerial Information Security Policy for further advice.

Mobile devices

The use of smart phones/tablets supported on the network is approved by the Office of the Premier.

Privately owned devices (sometimes known as BYOD) will only be connected to the ministerial network if approved by the Minister or relevant Chief of Staff. Those using approved privately owned devices must agree to comply with the BYOD Policy. Approved devices are managed via the ministerial mobile device management software. Unapproved devices will be seen as a breach to ministerial network security and will be disabled.

Data usage on ministerial-issued devices (including approved privately owned devices) should be monitored closely, as Ministerial Services will not reimburse costs for excessive data usage.

Smart phones/tablets can contain sensitive information. A lost device (including approved privately owned devices) must be reported immediately to the Ministerial Services IT Service Desk who can remotely disable and securely erase the device.

Users travelling overseas with ministerial issued devices must contact Ministerial Services to ensure the appropriate actions have taken place to protect information and avoid hefty international roaming charges on either work provided or personal devices.