Objective
As part of its service to business, business.gov.au deals heavily with information. It provides information to business and it processes information received from business in the course of performing transactions and giving feedback. In some instances the facility also stores information relating to transactions that have been carried out.
We take strong steps to protect the confidentiality of your information and to ensure information is uncorrupted and is available when you need it.
Scope
As business.gov.au is being developed based on a cooperative model, it relies on cooperation between government agencies. Although the development of the Business Entry Point Initiative is coordinated by the federal Department of Innovation, Industry, Science and Research, many interactions with business.gov.au occur on systems outside our control. These systems are usually under the control of other government agencies at either the federal, state/territory or local government levels. Our boundaries of responsibility are defined by the following:
-
we are responsible for the security of information while it is collected by, stored on or passing through our systems
-
participating agencies are responsible for the security of information while it is collected by, stored on or passing through systems within their control
-
we are responsible for the security aspects of the links from our systems to systems under the control of participating agencies. We will ensure that where you carry out a transaction through business.gov.au, it will be at least as secure as if you had carried out that transaction directly through the relevant agency's website.
We will encourage participating agencies to apply relevant elements of this policy to systems within their control. We will also disseminate information to participating agencies to assist them in this process.
Where connection to a system outside our control compromises the objectives of this Security Policy, we will take steps to rectify the situation. Where appropriate, we may sever links to that system pending rectification.
User awareness of location
Given the division of responsibility for security between us and other participating agencies, we will use our best endeavours to ensure that users of business.gov.au be able to determine whether, at any given time, they are interacting with our systems (which are covered by this policy), other federal systems (covered by the Commonwealth Protective Security Manual) or non-federal systems.
Ownership of information assets
Each piece of information, which either passes through or is stored in any part of business.gov.au, will have a clearly identifiable owner.
For information owned by business (such as information entered by a user of business.gov.au in carrying out a transaction), we will determine the appropriate level of security in consultation with business. Where information is owned by a government agency, that agency will determine the appropriate level of security.
Before a document or a transaction becomes available through business.gov.au, these issues will be addressed to ensure that an appropriate level of security is provided in relation to that document or transaction.
Confidentiality of information
Only authorised personnel and users will be permitted access to information which you provide to business.gov.au. All information collected or passing through our systems will be treated in accordance with relevant legislation or other legal requirements for the protection of the confidentiality, privacy or secrecy of that information.
We will ensure that appropriate safeguards are in place and that, as necessary, the classification of information is undertaken in accordance with identified policies. We will keep the amount of your information collected by, stored on or passing through our systems to an absolute minimum and will only use information for the purpose for which it is provided (see also the Privacy Statement).
Integrity of information
We will use appropriate safeguards to prevent the unauthorised modification of any information that is collected by, stored on or passing through our systems.
Availability of the service
We will determine the availability requirements of our systems in consultation with business users, participating agencies and service providers and will ensure that these requirements are met.
Accountability
Some transactions will provide you with a 'receipt' after you have submitted the transaction. The receipt is intended to inform you that the transaction has been successfully processed by the agency to which you have sent it. Transactions which provide receipts are clearly identified at the outset, so that you will know what kind of receipt to expect and what to do if you do not receive one.
We will undertake auditing and logging of all security related events, including the recording of all necessary information to identify the causes of an event and the person or entity which was responsible for the event. Where such an event occurs, we will take steps to minimise the risk of such an event from occurring in the future. Such steps may lead to further investigation and possible prosecution.