Show download pdf controls
  • Scope

    These guidelines will support contractors who access, process, store or otherwise handle ATO information that is either unclassified or warrants a Dissemination Limiting Marker (DLM).

    Additional protective security measures apply to security-classified material - ATO Physical Security Management and/or IT Security Branch must be consulted if access to information other than unclassified or that bearing a DLM is required.

    The contractor must appoint somebody who is responsible for the security of ATO information.

    Contractors must deliver a plan that describes the security architecture of systems that will store, access or transmit ATO information before starting services. This plan must be approved by ATO IT Security.

    Contractors must establish an IT security review process that measures compliance of IT systems and operations against the ATO IT Security Policy and the ISM and take corrective actions to address areas of non-compliance.

      Last modified: 03 Apr 2017QC 17156