Have Your Say: City of Sydney’s Smart City Strategy

The City of Sydney is seeking feedback on its plans to become a smart city. The City’s draft Smart City Strategic Framework outlines how Sydney plans to “do more with less” in terms of energy, resources and space thanks to data and “smart” infrastructure. It proposes five outcomes: A city supporting connected, empowered communities; A… Continue Reading

Congratulating Justin Keefe

GRC Services congratulates Justin Keefe for his appointment as Chief Technology Officer (CTO) at the Australian Department of Defence. As the department’s new CTO, Justin will take charge of the CTO division, which oversees Defence’s IT strategy, technology roadmaps, architecture and the delivery of IT systems and applications. He will also provide strategic guidance and… Continue Reading

Azure Security Benchmark

Microsoft has published its first Azure Security Benchmark v1 (ASB). ASB includes over 90 security best practice recommendations you can employ to increase the overall security and compliance of all your workloads in Azure. The ASB controls are based on industry standards and best practices, such as Center for Internet Security (CIS) and NIST. ASB… Continue Reading

A Zero Trust Approach to Cyber Security

A 2018 study conducted by Forrester found that organisations that adopt a Zero Trust Security approach are twice as confident to accelerate new business initiatives and customer experiences. Zero Trust Security assumes that untrusted parties already exist both inside and outside an organisation’s network. In other words, not all staff and contractors might be trusted,… Continue Reading

Congratulating Linda Da Silva

GRC Services and The SJE Group congratulate Ms Linda Da Silva on her appointment as Chief Information Officer (CIO) at ING. Ms Da Silva joins ING from Westpac’s BT Financial Group where she was the CIO. She takes over from Ms Ani Paul who has now become ING’s Global Chief Data Officer based in Amsterdam.… Continue Reading

The Novel Coronavirus (2019-nCoV) – Business Continuity Considerations

The situation with the 2019-nCoV disease outbreak has moved on rapidly since it was first identified in Wuhan City, China. Infected people have been identified in Thailand, Japan and the Republic of Korea; and the first cases of human-to-human transmission have been confirmed. In response to the disease spread, The World Health Organization (WHO) had… Continue Reading

Phishing Attacks

It is often said that people are the weakest link in information security. No matter how many technical controls IT staff might put in place, a simple click of a malicious link can bring an organisation to its knees. All it takes is one employee, and one click. Phishing attacks continue to be one of… Continue Reading

New SAI Global Assurance Whitepaper on ISO 45001

Safety isn’t just a tick in a checkbox, it’s a 24×7 commitment to ensuring all standards are met and risks are mitigated when it comes to employee safety. In fact, identifying potential hazards should be viewed as an opportunity that not only improves business operations and processes but also helps gain a competitive edge over… Continue Reading

World Bar Conference 2020

Early bird registrations are now open for the World Bar Conference 2020 which will take place on 8-9 April 2020 at The Murray, Hong Kong. With the theme “Common Law in an Uncommon World”, the Conference provides a platform to discuss and reflect on important issues pertaining to the rule of law, the professions of… Continue Reading

2020 Personal Injury/Common Law Conference

The Conference Program for the 2020 Personal Injury/Common Law Conference has been released. The 2020 Personal Injury and Common Law Conference will be held at Hilton Hotel, George Street on Saturday 14 March 2020. The conference offers 5 CPD points. Speakers include: The Honourable Justice Geoffrey Bellew, Supreme Court of NSW; Elizabeth Wood, Deputy President,… Continue Reading

New NSW ICAC FAQ on Conflicts of Interest

The NSW ICAC has released new Conflict of Interest FAQs for Managers and Public Officials and a new sample conflict of interest policy. Citizens rightly expect that public officials, or their close connections and associates, should never be in a position to obtain an undue personal benefit as a result of the public official doing… Continue Reading

New Residential Tenancy Laws in NSW

Changes to NSW tenancy laws which improve tenants’ renting experience while ensuring that landlords can effectively manage their properties start on 23 March 2020. The changes to the Residential Tenancies Act 2010 and the new Residential Tenancies Regulation 2019 deliver important protections for tenants and landlords. With more than 30 percent of the NSW population… Continue Reading

NSW RFS’s Planning for Bushfire Protection Guide Updated

An updated version of the “Planning for BushFire Protection 2019 (PBP 2019)” guide for councils, planners, fire authorities and developers promises to provide improved clarity, design flexibility and appropriate bush fire safety outcomes to people building or re-building in bushfire-prone areas. Planning for Bush Fire Protection 2019 (PBP) provides development standards for designing and building… Continue Reading

NSW Health My Health Record Security and Access Policy

NSW Health has published PD2019_054 “My Health Record Security and Access Policy”. The Policy Directive outlines the obligations and responsibilities of all individuals and organisations who use the NSW Health HealtheNet Clinical Portal (HealtheNet) to access the national My Health Record system. The national My Health Record system is designed to provide a secure online… Continue Reading

NSW Health High-Risk Medicines Management Policy

NSW Health has published PD2019_058 “High-Risk Medicines Management Policy”. The Policy Directive sets out the requirements for the safe management and the use of high-risk medicines within NSW Health facilities. It defines the requirements for establishing a high-risk medicine program that includes the development of a specific high-risk medicines register and the strategies to mitigate… Continue Reading

NSW Health Privacy Internal Review Guidelines

NSW Health has published its Privacy Internal Review Guidelines to help staff navigate and comply with all legislative requirements in conducting a privacy internal review. The new Guidelines replace GL2006_007 and apply across the whole of NSW Health. There are three key principles: 60-day time limit: A privacy internal review must be completed as soon… Continue Reading

New Edition of “Duties of Officers and Directors” Guide

The Governance Institute of Australia has published the third edition of its “Duties of Officers and Directors” guide. The third edition has been substantially updated to reflect recent developments and sets out: * officers’ and directors’ duties as defined in the Corporations Act and interpreted in case law; * fiduciary duties and the individuals that… Continue Reading

World Economic Forum’s Global Risks Report 2020

The World Economic Forum has published its Global Risks Report 2020. For the first time in the survey’s 10-year outlook, the top five global risks in terms of likelihood are all environmental and include: * Extreme weather events with major damage to property, infrastructure and loss of human life; * Failure of climate-change mitigation and… Continue Reading

Congratulating Sonia Cooper

Ms Sonia Cooper has been appointed as General Manager, Corporate Services at Ipswich City Council. Ms Cooper will start in the role on Monday 3 February. Ms Cooper is currently a Deputy Commissioner with the Public Service Commission within the Queensland Government. Her previous roles during her almost 30-year career include General Manager of Corporate… Continue Reading

ISO 22301:2019 – What’s New?

A revised version of the ISO 22301 standard was released in October 2019. The revised version included some changes and clarifications, but introduced no new requirements. Those who have been following the standard for a while may remember that it underwent a major update to its “management system” components (clauses 4-10) in 2012. That’s also… Continue Reading

New ISO Standard for Sustainable Cities & Communities

A smart city is a resilient city, able to handle all the challenges of a changing world while keeping essential functions running. But how can a city know its level of resilience? ISO 37123 has been published to help. With a rapidly rising world population and growing urbanisation, cities that want to survive need to… Continue Reading

Fraud Inhibits Digital Innovation

Kount has released a new research report on digital innovation and emerging fraud. Their study found that the most innovative businesses are also the ones facing the greatest fraud threats. The study surveyed hundreds of respondents across the retail, restaurant, insurance, and financial industries. It found that over 40% of businesses say fraud impedes their… Continue Reading

New Whistleblower Legislation, VIC

On 5 March 2019, the Victorian Parliament passed new legislation which makes some changes to Victoria’s integrity system. The legislation has established a new parliamentary oversight committee, the Integrity and Oversight Committee, consolidating the oversight and performance review of a number of Victorian integrity agencies, including the Independent Broad-based Anti-corruption Commission (IBAC). The new legislation… Continue Reading

2019 Annual Information Statement Extension for Charities

In December 2019, ACNC Commissioner, the Hon Dr Gary Johns, announced a blanket extension to the due date for the 2019 Annual Information Statements for charities with an Address For Service in bushfire-affected areas. The 2019 Annual Information Statements for charities in these areas are now due 31 March 2020. This due date will… Continue Reading

Asset Management Policy for the NSW Public Sector

NSW Treasury has issued TPP 19-07 ‘Asset Management Policy for the NSW Public Sector’, which sets out the core management practices the NSW Government expects agencies to adopt to support their asset management processes with the objective of strengthening accountability, performance and capability across the NSW public sector. The policy mandates NSW Government agencies adopt… Continue Reading

NSW Audit Office Report on the NSW District Criminal Court System

The NSW Audit Office has released a report on whether the Department of Communities and Justice (the department) effectively supports the efficient operation of the District Criminal Court system. The audit found that in the provision of data and technology services, the department is not effectively supporting the efficient operation of the District Criminal Court… Continue Reading

Congratulating Rachel Noble

GRC Services congratulates Ms Rachel Noble who will become the first woman to lead the Australian Signals Directorate (ASD) when she takes up the role next February. Ms Noble has previously worked at the ASD and recently headed the Australian Cyber Security Centre where she led the government’s cyber security capabilities and response to security… Continue Reading

NSW Impounding Act Review

The NSW Government has announced the first comprehensive review of laws enabling local councils to protect their communities from safety hazards caused by abandoned items in public places. The review of the Impounding Act will help ensure communities are protected from nuisances and hazards caused by rogue shopping trolleys, boat trailers, share bikes and e-scooters.… Continue Reading

Webcasting of NSW Council Meetings Goes Live

Around a year ago, we blogged about the upcoming requirement for NSW Council meetings to be streamed. We believe this is a positive control that helps Councillors and Council officers to maintain appropriate conduct and ethics. The time has come. NSW Councils are now required to webcast their meetings to allow more residents to watch… Continue Reading

Privacy Self-Assessment Tool

The Information and Privacy Commission NSW has published a Privacy Self-Assessment Tool that can be used by organisations to self-assess the maturity of their privacy, information management and governance practices. Strong leadership is key to establishing a culture of privacy protection in agencies. Executives who recognise the importance of good personal information handling in delivering… Continue Reading

Electoral Donations Reform in Queensland

In November 2019 the Electoral and Other Legislation (Accountability, Integrity and Other Matters) Amendment Bill 2019 was introduced to the Queensland Legislative Assembly. The Bill is now before the Economics and Governance Committee to conduct an inquiry and report back to the Legislative Assembly. The Department of Local Government, Racing and Multicultural Affairs website has… Continue Reading

Whistleblowers Protection Policy – NFPs

Whistleblowers play an important role in identifying and calling out misconduct and harm to consumers and the community. To encourage whistleblowers to come forward with their concerns and protect them when they do, the Corporations Act 2001 gives certain people legal rights and protections as whistleblowers. From 1 July 2019, the whistleblower protections in the… Continue Reading

Learnings from SA Health

The SA Independent Commission Against Corruption (ICAC) has published its report following an examination of governance practices at SA Health. The Commissioner notes: “I have formed the view that poor conduct and practices are common and accepted within SA Health. I cannot quantify the extent to which this is happening or the cost to the… Continue Reading

NSW Audit Office Report on NSW Central Agencies

The NSW Audit Office has released a report on the results of their audits of NSW Government central agencies, namely the Premier and Cabinet, Treasury and Customer Service clusters. There are 191 agencies in these clusters, including government financial, superannuation and insurance entities. There were two high risk and 99 moderate risk audit findings on… Continue Reading

NSW Local Government Staff Training Plans & Budgets

The Industrial Relations Commission of New South Wales has directed all employers covered by the Local Government (NSW) Award 2017 to produce copies of training plans and training budgets for the financial year ending 30 June 2019, to assist the parties in dealing with some of the amendments sought by the unions in the new… Continue Reading

NSW Audit Office Report on DPIE

The NSW Audit Office has released its report on the results of audits of agencies in the NSW Planning, Industry and Environment cluster. The Audit Office continued to identify issues regarding unprocessed Aboriginal land claims and the recognition of Crown land. Auditor-General’s reports to parliament have recommended action to reduce the level of unprocessed land… Continue Reading

NSW Audit Office Report on Education Cluster

The NSW Audit Office has released a report arising from their audit of agencies within the Education cluster. Internal control deficiencies were identified across the cluster agencies, including 14 findings that were repeated from the previous year. Control deficiencies were also identified in a sample of the state’s 2,200 schools. Some of the key findings… Continue Reading

NSW Audit Office Report on Stronger Communities

The NSW Auditor-General released her report today on the NSW Stronger Communities cluster. There were 157 audit findings on internal controls. Two of these were high risk, 67 were moderate risk and 59 were repeat findings from previous financial audits. Control weaknesses include: * Significant data quality issues arising from the VS Connect system implementation… Continue Reading

Some of Australia’s biggest companies such as Qantas, Woolworths, Commonwealth Bank, ABC and many more have been forced to repay staff millions of dollars. The Fair Work Ombudsman’s 2018-19 Annual Report highlights a significant increase in underpayments – recovering more than $40 million for 18,000 underpaid employees during the financial year; the highest total… Continue Reading

New NIST Guide on Developing Cyber Resilience

NIST has announced the release of NIST Special Publication (SP) 800-160 Volume 2, Developing Cyber Resilient Systems: A Systems Engineering Approach, which is the first in a series of specialty publications developed to support NIST SP 800-160 Volume 1. The new document provides a handbook for achieving cyber resiliency outcomes based on a systems engineering… Continue Reading

E-Planning and Reporting System Mandatory in NSW

It will be mandatory for NSW metropolitan councils to use the NSW government’s e-planning and reporting system from next year. The aim of this decision is to cut red tape and reduce assessment times, and to put a spotlight on both state and local government to ensure planning is being done in a timely way.… Continue Reading

NSW Audit Office Report on Health Cluster

The NSW Audit Office released a report today on the New South Wales Health cluster. The report focuses on key observations and findings from the most recent financial audits of the Ministry of Health, local health districts, specialty health networks, health corporations and independent health agencies in New South Wales. The report also summarises self-reported… Continue Reading

Asbestos Awareness & Management

Councils have a key role to play in The National Strategic Plan for Asbestos Awareness and Management 2019–2023 prepared by the Asbestos Safety and Eradication Agency. The strategy requires councils to assist in improving asbestos awareness, to influence behaviour change, progress identification and effective legacy asbestos management, and undertake safe and prioritised removal and disposal… Continue Reading

COAG waste export ban: Have your say!

Commonwealth, State and Territory Environment Ministers have agreed that the export of waste paper, plastic, glass and tyres that have not been processed into value-added materials should be banned. The ban is proposed to commence 1 July 2020 with a phased approach: * All waste glass by July 2020 * Mixed waste plastics by July… Continue Reading

Australian University Foreign Interference Countering Guidelines

Universities conduct research into a wide array of fields, from the arts to social sciences, medical breakthroughs to engineering and information technology. These research projects and discoveries carry great intellectual property value as well as strategic advantages to the commercial and government sectors. Following a spate of state sponsored attacks against Australian universities, such as… Continue Reading

Backups of Data in the Cloud

Most organisations have an obligation to maintain backed up data and systems for a period of time (e.g. for tax purposes, record-keeping purposes, and other regulatory compliance purposes) and in a particular geographic place (e.g. for privacy law data sovereignty purposes). Organisations assume that their cloud service providers retain their backups for the required periods.… Continue Reading

Small business CGT concessions – shares and trust interests

A taxpayer must meet additional conditions to access the small business capital gains tax (CGT) concessions for shares in a company or interests in a trust. A taxpayer can apply the small business CGT concessions to lower or disregard their capital gain from the disposal of their CGT assets. If the CGT asset is a… Continue Reading

Local Government Bill 2019 (VIC)

The Victorian Local Government Bill 2019 is waiting to be considered by the Legislative Assembly before moving to the Legislative Council. The Bill could be passed in its current form, or it could be referred to a Parliamentary Committee for further public consultation and scrutiny. Key themes The proposed changes can be divided into five… Continue Reading

Australian Charities Annual Information Statements Due

Charities have an ongoing obligation to report each reporting period. Charities report by submitting an Annual Information Statement (AIS) and an annual financial report (if medium or large in size). Report according to your charity’s size Your charity’s financial reporting and other obligations to the ACNC depend on whether it is considered a small, medium… Continue Reading

Contractor WHS Risks

The issue of managing contractor Work Health & Safety (WHS) performance is an ongoing concern among organisations of all industries, typically because contractors may be performing non-routine work at sites that are not directly supervised by a WHS manager, or any manager at all. The prequalification process for contractors involves numerous steps and variables, with… Continue Reading

Australian Government Cyber Security Compliance Report

The Cth Attorney-General’s Department released its 2017-2018 Protective Security Policy Framework (PSPF) Compliance Report this week. It reports almost 40% of agencies were still to fully implement the Australian Signals Directorate’s (ASD’s) top four (mandatory) cyber mitigation strategies which avoid at least 85% of cyber threats. Cth agencies have had since April 2013 to implement these… Continue Reading

Forbes Society Annual Plunkett Lecture

The annual legal history Plunkett Lecture for 2019 will be delivered on Wednesday, 13 November 2019 at 5.15pm in Banco Court. The 2019 Plunkett lecture, “Attorneys-General in Eighteenth-Century England” will be delivered by Emeritus Professor Wilfrid Prest and chaired by the Hon Justice Andrew Bell, President of the Court of Appeal. In keeping with the… Continue Reading

Cyber risks and data governance: Top concerns for CAEs

Gartner conducted interviews and surveys of Chief Audit Executives (CAEs) from across its global network of client organisations to identify the biggest risks facing boards, audit committees and executives in 2020. Data governance came in as CAEs’ number one audit concern, followed by cybersecurity preparedness. This is in part due to regulatory scrutiny along with… Continue Reading

Cybersecurity the second biggest threat for Councils

A report surveying local government CEOs and General Managers has found that cybersecurity is the second biggest risk for local government following financial sustainability. Many Council IT departments have to deal with old and legacy systems that are either out of support or “locked out” of being able to apply contemporary security updates and patches.… Continue Reading

ISO 22301:2019

The 2019 version of the ISO 22301 standard was recently published. The revisions bring the standard more in line with the newer ISO standards, including 31000, 27001, 90001 and all others that include the modern “management system” format. As such, it prescribes various “mandatory documents” and records that are required to demonstrate compliance (and to… Continue Reading

OCHRE Review Report

The NSW Ombudsman has tabled the OCHRE Review Report in Parliament. OCHRE – Opportunity, Choice, Healing, Responsibility, Empowerment – is the NSW Government’s plan for Aboriginal Affairs, which commenced on 5 April 2013. The intent of OCHRE is to address the challenges facing Aboriginal communities, issues to be addressed, and what else is needed to… Continue Reading

Heavy Vehicle National Law Review

The National Transport Commission (NTC) is leading the review of the Heavy Vehicle National Law (HVNL) and its supporting regulations. The HVNL Review will result in performance-based and outcomes-focused regulation that will: improve safety for all road users; support increased economic productivity and innovation; simplify administration and enforcement of the law; support the use of… Continue Reading

OAIC Annual Report – Key Findings

The Office of the Australian Information Commissioner tabled its annual report for 2018-19 in Parliament. The report shows a rise in privacy complaints, FOI requests and applications to review FOI decisions. Key statistics for 2018–19 include: * 3,306 privacy complaints received (up 12% compared to 2017–18) * 2,920 privacy complaints finalised (up 6%) * Average… Continue Reading

GRC Congratulates Tim Hume

Tim Hume has been named Macquarie University’s new permanent Chief Information Officer after holding the position in an interim capacity since June. Tim formerly spent five years as CIO at the former NSW Department of Family and Community Services, where he closed a $54 million deal with SAP to migrate the agency to a cloud-based… Continue Reading

Gift Card Reforms Start on 1st Nov 2019

Following a number of States introducing gift card reforms over the last few years, the Australian Consumer Law has now been amended to provide protections for gift card consumers across Australia. These national changes apply to gift cards supplied to consumers on or after 1 November 2019. If the terms and conditions of a gift… Continue Reading

Fundraiser for Indigenous Barrister Trust

The First Nations Committee will host a fundraiser on 20 November from 5.00pm at the Public Defenders Chambers, 23/1 Oxford Street. Try some bush tucker and wines by First Nations wine makers. There will be First Nations art and other items for sale and up for raffle. Have fun and raise funds for the Indigenous… Continue Reading

Workers Compensation Commission Portal

The Workers Compensation Commission will have a purely computer based system of filing documents from January 2020. Their system envisages that many solicitors will not send a traditional brief to counsel and that instead barristers will read most of their brief by accessing the filed documents through the WCC “portal”. The WCC has offered to… Continue Reading

PCI DSS 4.0: Have Your Say

The PCI Council has issued a Request for Comments (RFC) on an early draft of PCI Data Security Standard Version 4.0. You can submit your comments from 28 October to 13 December 2019. Background on PCI DSS v4.0 PCI DSS is being updated to address PCI SSC stakeholder feedback and to support a range of… Continue Reading

Draft Privacy Safeguard Guidelines for the Consumer Data Right

The Office of the Australian Information Commissioner (OAIC) is seeking feedback on the draft Privacy Safeguard Guidelines for the Consumer Data Right (CDR). The CDR will start in February 2020 in the banking sector, giving individual and business consumers greater ability to use their data to compare and switch between products and services. The OAIC… Continue Reading

“Closing the Gap” Survey

The Coalition of Aboriginal and Torres Strait Islander Peak Organisations is seeking feedback via an online survey on what is needed to make real change in the lives of Aboriginal and Torres Strait Islander peoples. Survey findings will inform a new National Agreement on Closing the Gap setting out how governments will work with the… Continue Reading

Special Activation Precincts in Regional NSW

The NSW Department of Planning, Industry and Environment is seeking feedback on a proposed state-wide framework for special activation precincts and the draft Parkes Master Plan. A draft master plan for the state’s first special activation precinct at Parkes, along with an explanation of intended effect for a new Activation Precincts State Environmental Planning Policy… Continue Reading

Penalties Available to NSW Councils for Code of Conduct Breaches

A NSW Office of Local Government (OLG) circular was published on 2 October 2019, clarifying the penalties available to councils for code of conduct breaches by councillors following the Supreme Court’s decision in Cornish v Secretary, Department of Planning, Industry and Environment [2019] NSWSC 1134. The OLG has advised councils against imposing a sanction under… Continue Reading

Building Reform

The Planning Institute of Australia is hosting a ‘Building Reform – why it matters to planners’ forum (Sydney, 22 October). Speakers will provide an overview of the latest reform; issues faced by homeowners in defective buildings; perspectives of certifiers, regulators, and developers; and ideas for how to maintain confidence in the quality of buildings. Find… Continue Reading

Planning for Australia’s Future Population

The Australian Government launched a new Centre for Population and an updated plan for the nation’s growth last week. It is intended that the research, analysis and forecasting undertaken by the centre will help all levels of government and the community better understand how states’, cities’ and regions’ populations are changing and the challenges and… Continue Reading

Draft Legislation for Design and Building Practitioners

The NSW Government is seeking feedback on new draft legislation governing the design, building and construction sectors. The Design and Building Practitioners Bill 2019 has been released as part of the government’s response to recommendations in the Building Confidence Report (by Professor Peter Shergold and Bronwyn Weir). The draft bill introduces a suite of new… Continue Reading

Draft Regulations for Building Certifiers

The NSW Government is seeking feedback on a draft regulation for building and development certifiers. The Building and Development Certifiers Regulation 2019 is required before the Building and Development Certifiers Act 2018 can come into force. The act was passed by the NSW Parliament in October 2018 to strengthen the regulation of certifiers in the… Continue Reading

New Cladding Guidelines

Standards Australia has developed a permanent labelling system for aluminium composite panel products. The 2014 Lacrosse building fire in Melbourne and the Grenfell fire in London in June 2017 highlighted the fire safety risks arising from the non-compliant use of potentially hazardous aluminium cladding on buildings and led to the development of the new guideline.… Continue Reading

Restoration and Rehabilitation Environmental Trust Grants

A total of $4m is available for projects that assist in the ongoing sustainable management and stewardship of significant environmental assets and services under the 2020 round of the NSW Environmental Trust’s Restoration and Rehabilitation Grants Program. Applicants can apply for grants ranging from $5,000 to $10,000. For more information and to apply, visit the… Continue Reading

Local Government Rank to Grade Guide

The NSW Veterans Employment Program has developed a Local Government Rank to Grade Guide to help hiring managers and veterans understand how Australian Defence Force skills and experience align with public sector jobs. Local councils in NSW employ around 45,000 full-time employees across a wide range of roles. The guide aligns council roles to military… Continue Reading

Aboriginal Cultural Heritage Advisory Committee Nominations

The NSW Department of Premier and Cabinet is seeking nominations for the Aboriginal Cultural Heritage Advisory Committee. The committee plays an important role in advising the Minister and Chief Executive of the department on matters relating to Aboriginal cultural heritage in NSW. Nominations are sought from people who demonstrate: * involvement in cultural heritage matters… Continue Reading

WGEA Reporting Obligations

The Workplace Gender Equality Agency (WGEA) is an Australian Government statutory agency created to support the implementation of the Workplace Gender Equality Act (2012). The Agency is responsible for promoting and improving gender equality in Australian workplaces. Under the Workplace Gender Equality Act (2012), all Australian non-public organisations that employ 100 or more employees are… Continue Reading

Meaningful Risk Registers

Unfortunately, Risk Registers are often simply dust collectors. They are documents that are reviewed and updated once in a while simply to tick a compliance box, because an audit is happening, or because it’s been scheduled and people want to get it over and done with. These become meaningless exercises and lose the value of… Continue Reading

ISO 22316: Security and resilience – Organisational resilience

The ISO 22316 standard has just been published to help organisations build and continually improve their resilience. With threats such as economic crises, cyber attacks, terrorism, climate change and volatile consumer trends, organisational resilience is now more important than ever. Organisational resilience is an entity’s ability to adapt to unpredictability while continuing to meet its corporate goals and… Continue Reading

ISO 20400: Sustainable Procurement

The ISO 20400 standard for sustainable procurement has just been published. Procurement plays a large role in any organisation, large or small. Who an organisation buys from has just as big an impact on its performance as what it buys. Ensuring suppliers have sound and ethical practices across everything, from working conditions and risk management… Continue Reading

Have you rebooted your firewall in the last 213 days?

Cisco has advised all ASA firewall and Firepower Threat Defense users to reboot their devices or they’ll stop working. A “functional software defect” means the appliances will stop passing traffic after running for 213 days. You can determine the device’s uptime by using the show version | grep up command. You can also use the show asp drop command to find out whether the… Continue Reading

Mandatory data breach notification scheme passed

What happened? The Federal Parliament has passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016 which will amend the Privacy Act 1988 (Cth) to introduce a mandatory data breach notification scheme. The scheme will come into force on a day to be fixed by Proclamation (or 12 months after the Bill receives Royal Assent) and will require mandatory… Continue Reading

ASD Cyber Security Strategies

The Australian Signals Directorate (ASD) has overhauled its mandatory set of minimum cyber security mitigation strategies, doubling the core security controls to eight and expanding its reach to cover a wider threat range than just “targeted” attacks. Until now, the list included four strategies: application whitelisting, patching applications, patching operating system vulnerabilities, and restricting administrative privileges. However the ASD… Continue Reading

Oracle issues 270 critical patches

Oracle has released its critical patch update (CPU) for January 2017. It addresses 270 vulnerabilities across Oracle’s products. 16 are rated as critical with a common vulnerability scoring system (CVSS) v3.0 rating of 9.0 or more. One remotely exploitable flaw that doesn’t require authentication or user interaction – identified as CVE-2017-3324 – has the… Continue Reading

Measuring the effectiveness of your ISMS

How can you tell whether your ISO/IEC 27001 Information Security Management System (ISMS) is effective and efficient? The revised version of ISO/IEC 27004 can help you. The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001. It explains how to… Continue Reading

Pre Contract Supplier Checks

It’s an unfortunate state of affairs yet quite common to hear about contractors and suppliers, particularly in the building industry, that “hit the wall” before a job is completed. The best protection against an insolvent supplier is choosing the right one. Here are some tips to help avoid this kind of scenario: Carry out your due diligence on the… Continue Reading

Update on mandatory data breach notification laws

The federal government has introduced a mandatory data breach notification bill into Parliament. Under the bill, organisations that determine they have been breached or have lost data will need to report the incident, and notify customers that are directly impacted or “at risk”. In self-assessing the seriousness of a breach, a key requirement in working out whether… Continue Reading

Proposed changes to Cth Privacy Act

Proposed changes to the national Privacy Act would make it a criminal offence to re-identify government data that has been stripped of identifying markers. The changes would also make it an offence to “counsel, procure, facilitate, or encourage anyone” to re-identify anonymised data. Publishing or communicating “any re-identified dataset” would similarly be considered a criminal… Continue Reading

Data Privacy Breach

The Department of Health published a dataset via its open data portal in August for the benefit of health and policy researchers looking at patterns of demand in the medical products and services consumed by Australians. It includes around 30 years’ worth of de-identified claims made against the Medicare and Pharmaceutical Benefits Scheme (PBS). It doesn’t contain… Continue Reading

Security & Privacy over Telstra’s National Cancer Database

Telstra was awarded a five year, $178 million, contract to build and maintain Australia’s new cancer screening register. The register will record cancer screening results for Australian patients, replacing nine existing systems to provide a single record for each affected person. It will interact with My Health Records, Medicare and private health providers. Telstra was called to a Senate… Continue Reading

PCI Data Security Standard v3.2

The Payment Card Industry Data Security Standard (PCI DSS) version 3.2 comes into effect in October 2016. The PCI DSS is a widely accepted set of policies and procedures used to optimise security of credit, debit and cash card transactions and protect cardholders from misuse of their personal information. The following is a summary of… Continue Reading

ISO 27001 documentation requirements

At its heart, the ISO 27001 standard is a quality management system focussed on maintaining and improving information security based on ISO 31000 risk management principles. As a quality management system, it promotes the documentation of agreed work practices and checks to ensure compliance with those agreed documents. So what are the documents that need to be… Continue Reading

Victorian Protective Data Security Framework (VPDSF)

The Victorian Government has issued the Victorian Protective Data Security Framework (VPDSF) that will require agency heads to attest to their compliance with the minimum information security standards each year. Under the framework, central government agencies will have two years to conduct a risk profile assessment of their own level of vulnerability and write a… Continue Reading

Rogue devices: A brief FAQ

What is a rogue device? Rogue devices include:
* Purpose-built, application-specific devices designed to capture passwords, credit and debit card numbers, PINs, keystrokes, and confidential or proprietary data
* Devices designed to breach WiFi networks, wireless access points, wireless/mobile client devices and Bluetooth devices
* Devices built to compromise the security of cellular networks
* Devices designed… Continue Reading

New guide for Directors of public sector entities

The Governance Institute has released a new guide “Governance Principles for Boards of Public Sector Entities in Australia”. According to the Institute, instilling and safeguarding public trust and confidence in public sector entities goes to the core of the role and responsibilities of their directors, demanding a diligent and astute approach that can often be very… Continue Reading

SA Health data leaks lead to sackings

South Australia Health has dismissed three personnel for breaching patient record privacy. They were specifically dismissed for “inappropriately accessing” data contained within patient databases. This follows a policy statement issued by the Departmental Chief in February this year warning of penalties for data breaches. However, is that enough? Whilst a policy statement is a preventive control of sorts, is… Continue Reading

Cyber security improvements required

An ANAO audit of the compliance of four Australian Public Service (APS) entities with mandatory security strategies in the Australian Government Information Security Manual (ISM) has found two of the four agencies had failed to be compliant. The ANAO audit on Cyber Resilience examined administrative practices across the Australian Federal Police (AFP), the Australian Transaction Reports and Analysis Centre (AUSTRAC), the Department of Agriculture… Continue Reading

GP privacy practices require improvement

The Office of the Australian Information Commissioner (OAIC) recently completed an analysis of the privacy practices across Aussie General Practitioner (GP) clinics and found that they should be improved. Peak medical groups (such as the Australian Medical Association (AMA), the Royal Australian College of General Practitioners (RACGP), the Australian College of Rural and Remote Medicine, and the Australian Association of… Continue Reading