Recent cybersecurity audit reports
Dear Services Australia,
I request access to the following documents under the Freedom of Information Act 1982:
1. Recent cybersecurity audit reports.
I understand that the term "recent" is broad, so I would be happy to narrow my request to specific audit reports if you can provide me with a list of any such audits conducted within the past few years.
Please exclude the following information:
i) Names of Services Australia staff below the Senior Executive level (junior staff).
ii) Direct staff telephone numbers, signatures, logon identifiers and email addresses.
Yours faithfully,
CR
Thank you for contacting the Freedom of Information (FOI) team in Services
Australia (the Agency).
This email acknowledges your correspondence and provides some general
information in relation to FOI.
Administrative release of documents
The Agency has administrative access arrangements ('the arrangements') for
the release of certain documents without the need for a formal FOI
request. If you agree to the release of documents under these
arrangements, we may provide you with documents under the arrangements,
where appropriate.
Any parts of your FOI request that are addressed by documents being
released under the arrangements will be considered withdrawn. The
arrangements do not extend to information or materials of third parties.
You will be notified when documents are released to you under the
arrangements.
Personal information of Agency staff
We consider staff details to be personal information of those staff
members. As part of the FOI application process, we will seek your consent
to exclude the following information from documents that may be captured
by your request:
* names of Services Australia staff below the Senior Executive level
(junior staff)
* direct staff telephone numbers, signatures, logon identifiers and
email addresses.
If you consent to exclude this information, we will treat it as outside
the scope of your request and therefore irrelevant under Section 22 of the
FOI Act.
Charges
No charge is payable for providing a person with their own personal
information.
If you are requesting non-personal information the Agency will advise you
as soon as practicable if a charge is payable to process your request, and
the amount of any such charge.
How we will send documents to you
Unless you have requested to receive correspondence and documents relating
to your FOI request via post we will communicate with you via this email
address. Some documents may be too large to send to you via email. If
applicable, we will seek your consent to provide the requested documents
to you electronically via a secure file sharing platform. Please advise us
as soon as possible if you wish correspondence or documents to be sent to
another address, or if your email address changes.
How long do I have to wait?
We are required to answer your request within 30 days unless the time
frame is extended under the FOI Act.
Dear CR (Right to Know)
I refer to your request for documents held by Services Australia (the
Agency) as follows:
Recent cybersecurity audit reports. I understand that the term "recent" is
broad, so I would be happy to narrow my request to specific audit reports
if you can provide me with a list of any such audits conducted within the
past few years.
Publicly available information
We have liaised with the relevant business area of the Agency and was
advised that audit reports are published on the ANAO website:
[1]www.anao.gov.au.
There have been three ANAO performance audits on cyber that have occurred
over the last 10 years. The links are as follows:
o [2]Management of Cyber Security Incidents | Australian National Audit
Office (ANAO)
o [3]Cybersecurity Follow-up Audit | Australian National Audit Office
(ANAO)
o [4]Cyber Attacks: Securing Agencies' ICT Systems | Australian National
Audit Office (ANAO)
For action
Please advise if this information addresses your FOI request. If so,
please respond advising that you wish to withdraw this request.
Alternatively, please provide more information that would assist us to
identify the specific documents you are seeking access to. Please include
details such a defined date range, the type of document, the name of the
document, and/or the nature, content or purpose of the document.
Your response by close of business 11 October 2024 would be appreciated.
Thank you.
Kind regards,
Cherie
Senior FOI Officer
FOI & Reviews Branch, Legal Services Division
[5]Visual brand element showing Services Australia progress symbol to left
with Services Australia wording to the right of the symbol. Underneath is
servicesaustralia.gov.au and icons representing our social media accounts.
To follow us on social media go to servicesaustralia.gov.au/socialmedia
Aligning the bottom of the signature block is the Services Australia
indigenous artwork strip consisting of cultural elements depicting our
agency’s progress story for First Nations people.
Services Australia acknowledges the Traditional Custodians of the lands we
live on. We pay our respects to all Elders, past and present, of all
Aboriginal and Torres Strait Islander nations.
References
Visible links
1. http://www.anao.gov.au/
2. https://aus01.safelinks.protection.outlo...
https://www.anao.gov.au/work/performance...
3. https://aus01.safelinks.protection.outlo...
https://www.anao.gov.au/work/performance...
4. https://aus01.safelinks.protection.outlo...
https://www.anao.gov.au/work/performance...
Dear Cherie,
Thank you for the administrative release of information.
Request withdrawn.
Yours sincerely,
CR
Thank you for contacting the Freedom of Information (FOI) team in Services
Australia (the Agency).
This email acknowledges your correspondence and provides some general
information in relation to FOI.
Administrative release of documents
The Agency has administrative access arrangements ('the arrangements') for
the release of certain documents without the need for a formal FOI
request. If you agree to the release of documents under these
arrangements, we may provide you with documents under the arrangements,
where appropriate.
Any parts of your FOI request that are addressed by documents being
released under the arrangements will be considered withdrawn. The
arrangements do not extend to information or materials of third parties.
You will be notified when documents are released to you under the
arrangements.
Personal information of Agency staff
We consider staff details to be personal information of those staff
members. As part of the FOI application process, we will seek your consent
to exclude the following information from documents that may be captured
by your request:
* names of Services Australia staff below the Senior Executive level
(junior staff)
* direct staff telephone numbers, signatures, logon identifiers and
email addresses.
If you consent to exclude this information, we will treat it as outside
the scope of your request and therefore irrelevant under Section 22 of the
FOI Act.
Charges
No charge is payable for providing a person with their own personal
information.
If you are requesting non-personal information the Agency will advise you
as soon as practicable if a charge is payable to process your request, and
the amount of any such charge.
How we will send documents to you
Unless you have requested to receive correspondence and documents relating
to your FOI request via post we will communicate with you via this email
address. Some documents may be too large to send to you via email. If
applicable, we will seek your consent to provide the requested documents
to you electronically via a secure file sharing platform. Please advise us
as soon as possible if you wish correspondence or documents to be sent to
another address, or if your email address changes.
How long do I have to wait?
We are required to answer your request within 30 days unless the time
frame is extended under the FOI Act.