The Customer acknowledges and agrees that, notwithstanding paragraph (1), ESA may, in their
absolute discretion, monitor Customer Requests being lodged by or on behalf of the Customer
using the services.
The Customer must bear all costs arising out of any complaints made in connection with the
Customer Requests lodged (including complaints made by any
On request by ESA from time to time, the Customer must provide ESA with information that ESA
may reasonably request concerning the Customer use of the Services.
Payment and Charging
Variation to Fees
ESA may from time to time, in its
absolute discretion, vary the Fees with respect to Services.
ESA undertakes to inform the Customer in advance, of any fee increases.
In lodging a Customer Request, the Customer is considered to have acknowledged and accepted
the fees that are current on the date of lodgement.
Basis for charging
The Customer agrees that;
each time a Customer Request is lodged the Customer will be charged the Fees (which
may be varied by ESA from time to time in accordance with this clause
when a Customer Request is received, the Fees will be charged to the Customer as soon
as a Customer Request is entered into the ESA Systems and regardless of whether or not
the Customer Request has been checked for accuracy or completeness; and
the Fees will be set by ESA and as varied by this clause
ESA is under no obligation to provide Services if the Customer has not paid Fees to ESA in
clear funds on the due date for payment.
If the Customer fails to comply with any of
any money which the Customer has paid to ESA on account of any Customer Request
forfeited to ESA
ESA may also take legal action against a Customer to recover the balance of the Fees and
any other amounts owing to it under
ESA only offers refunds where ESA determines, at its discretion, that extenuating circumstances
apply to the Customer. Customers will not be eligible for a refund of any amounts paid with
respect to the Services if the Customer has not;
provided true and correct information with respect to any relevant Customer
properly and accurately completed any online application with respect to the relevant
properly provided all consents (including by signing and dating any pre
consent form) required by ESA with respect to the relevant Services; or
properly provided all identification information required by ESA with respect to the relevant
ESA is not responsible for, and the Customer acknowledges that the Customer is not entitled to,
any refund with respect to;
data entry errors that have been made by the Customer, the failure by the Customer to
provide required details and other information (including identification information), or the
provision by the Customer of false or incorrect information with respect to th
Customers that have changed their mind after completing a Customer Request;
selection by the Customer of the wrong Agency Check type and/or reason for the Agency
Check when completing the relevant Customer Request; or
by the Customer to properly complete a Customer Request, including by failing to
sign, date and return any informed consent form required with respect to the services.
ESA may charge a non
processing fee of $7.50 (GST inclusive) with respect
to any request for a refund.
processing fee will be subtracted from any refund amount that is approved by ESA
and will be retained by ESA.
To request a refund, please email
Refund requests must include the first name and surname, date of birth for the relevant person
for whom the request was made, the reference number with respect to the relevant Services (if
and a brief description of why the refund is required. ESA will then assess the refund
request and determine if the Customer is eligible for a refund.
To the full extent permitted by Law, ESA reserves the right to reject any application for a refund
Termination of Customer Request
Right to not proceed with a Customer Request
ESA may, at its sole discretion, choose to withdraw and not proceed with completion of a
Customer Request if;
for individuals applying online, the application
process cannot be completed without a valid
credit card/ payment
fees are not paid in full by the due date; or
ESA is unable to contact the Customer for any reason.
Incomplete Customer Requests
The Customer must complete all Customer Requests within three
months after the
If the Customer fails to complete a Customer Request within this time (including
where ESA has
requested further information from the Customer and the Customer has failed to respond)
ESA may, in its absolute discretion, cancel or archive the Customer Request and any
money that has been paid to ESA, on account of that Customer Request, will be forfeited
ESA is released from all Claims and any obligations to provide the Services in connection
with that Custom
Terms used in this clause have the meaning given to them in GST Law and all amounts payable
under this Agreement are excluding GST.
Where the Goods and Services provided under this Agreement are:
a taxable supply; and
the consideration for
that supply excludes GST,
the recipient must pay an amount equal to the GST in addition to the consideration payable for
The amount of GST will be calculated at the prevailing GST rate.
If the GST rate is varied, the consideration payable for
any supply under this Agreement will be
varied to reflect the change of rate and any reduction in any other tax, duty or statutory charge
connected with the rate change.
Where GST applies to a supply made under this Agreement, the supplier will deliver to
recipient a valid tax invoice or adjustment note at, or before the time payment for the supply is
If an adjustment event occurs in connection with any taxable supply made under this Agreement:
the amount payable by the recipient will be recalculated to reflect the adjustment event;
payment for the adjustment event will be made by the recipient to the supplier or by the
supplier to the recipient (as the case requires).
Where a party is required under this Agreement to pay or reimburse an
expense or outgoing of
another party, the amount to be paid or reimbursed will be the sum of:
the amount of the expense or outgoing less any input tax credits for the expense or
outgoing to which the other party is entitled; and
if the payment or reimbursement is subject to GST, an amount equal to that GST.
Title to and ownership of all Intellectual Property Rights in New Material developed through
services performed under this Agreement, will vest in ESA upon its creation.
ation of the receipt of payment and subject to the Customer performing its obligations
under this Agreement, ESA gives the Customer a non-transferrable, royalty free
licence to use the New Material for commercial purposes.
To remove doubt, the Customer is not permitted to sub-licence New Material developed through
services performed under this Agreement without ESA written consent.
does not affect the ownership of any Existing Material belonging to another party
that is used in connection with performing the Services under this Agreement.
For Existing Material, each party grants the other a perpetual, non
royalty free licence to use Existing Material belonging to the other party for purposes related to:
performing the services under this Agreement; and
developing any New Material which may result from the performance of those services
under this Agreement.
Each party warrants that it owns or is legally authorised to use all Existing Material provided by
it that is used in connection with performing the services.
ESA also grants the Customer a non
nce to use any
Existing Material belonging to or relied on by ESA that is incorporated into New Material
developed under this Agreement to:
use, reproduce and adapt the Existing Material in accordance with the licence terms
proposed under clause
perform any other act in relation to copyright subsisting in the Existing Material (including
infringing any Moral Rights in the Existing Material).
This clause survives the expiry or early termination of this Agreement.
To remove doubt, each party warrants that all employees, officers, agents, contractors or
sub-contractors involved in delivering any of the Services will be bound by this clause.
Parties must ensure that Confidential Information is kept confidential and is not disclosed to any
to its employees, officers, agents, contractors and sub-contractors to the extent needed
for the performance of this
where disclosure is authorised or required by law; or
with the Disclosing Party’s consent.
Each party must:
ensure that all Confidential Information is kept reasonably secure;
ensure that all Confidential Information is only used for purposes directly related to the
provision and use of Goods and Services, and only the relevant purpose for which it is
immediately notify the other party if it becomes aware of any breach of this clause, or if a
disclosure of Confidential Information is required by law;
if requested by the Disclosing Party:
deliver or destroy all documents, records or files in its possession or control which
contain Confidential Information in accordance with the Disclosing Party’s
its officers, employees, agents and sub-contractors a deed of
confidentiality in a form acceptable to the Customer.
To remove doubt, each party warrants that:
all employees, officers, agents, contractors or sub-contractors involved in the provision or
receipt of Goods and Services under this Agreement will be bound by this clause; and
they will immediately notify the other party upon discovering there has been a breach of
applies if the goods and services under this Agreement will involve:
the transfer of Personal Information; or
the provision of services to a third party for a relevant person to whom
Unless authorised by law, each party must:
ensure that Personal Information is protected against loss and unauthorised access, use,
modification, disclosure or other misuse;
not use Personal Information other than for the
purposes directly related to providing the
Goods and Services under this Agreement;
not disclose Personal Information without the prior written consent of the relevant person
to whom it belongs;
ensure that access to Personal Information is restricted to those persons who require
access in order to perform their duties under this Agreement;
ensure that its employees, officers, agents, contractors and sub-contractors comply with
the same obligations imposed on ESA under this clause;
fully and promptly cooperate with the Disclosing Party in order to respond to any
applications or privacy complaints which require access to, or amendment of, a document
containing a person’s Personal Information;
immediately notify the Disclosing Party if the Receiving Party becomes aware of any
unlawful use or disclosure of Personal Information in its possession or control;
comply with such other privacy and security measures as agreed to in writing from time to
if requested by the Disclosing Party, promptly return or
destroy any record, document or
file which contains Personal Information.
Each party must also:
ensure its employees, officers, agents, contractors and sub-contractors are bound by this
immediately notify the Disclosing Party upon becoming aware of any breach of this clause.
ESA will, in accordance with its information security policy
only use Customer Data held by ESA
(or to which ESA has access)
for the purpose of fulfilling its obligations under
as required by Law and, where applicable, under any agreement ESA has with a
Government Agency in relation to the provision of the Services (including specifically any
agreement ESA has with ACIC with respect to the National Police Checking Service
established by ACIC)
ESA will also:
establish and maintain reasonable safeguards against the destruction, loss or alteration of
Customer Data in the possession, custody or control of ESA; and
use its best
endeavours to protect the Customer Data from destruction, loss, alteration or
security breaches while the Customer Data is stored in the ESA Systems.
The Customer warrants to ESA that;
it has the requisite power and authority to enter
and to carry out the
obligations contemplated by
the transmission of Customer Requests (or related data or information) will not infringe the
Intellectual Property Rights or other rights of any person, it holds (and will at all times
continue to hold) all rights permits, licences, authorisations and accreditations required for
it to perform its obligations under
the performance of its obligations under
will comply with all such rights,
permits, licences, authorisations and accreditations; and
not contravene any applicabl
Limitation of Warranties and Liability
Subject to clauses
and to the fullest extent permitted by law, the sole obligation of the
ESA under this Agreement is to:
use its best endeavours to provide the goods and services; or
where statutory conditions or statutory warranties are applica
supply the services again;
repair or replace (at the ESA’s discretion) any part of a goods which is found to be
defective during the relevant warranty period; or
) or (
) are not capable of providing an appropriate remedy, to provide a
equal to the value of the amount paid for a Customer Request.
In no event shall the ESA be liable for any Loss that is the subject of any Claim related to:
the negligent or faulty use of the goods and services supplied by ESA to the Customer
negligent or misleading advice;
direct Loss resulting from the Customer’s actual, attempted or failure to use or rely the
relevant services; and
any indirect, special or consequential Loss or injury to any person, corporation or other
entity that arises
through the ESA’s negligence, breach of contract or under any other
theory of liability.
If any goods supplied under this Agreement are supplied to the Customer as a 'consumer' under
the Australian Consumer Law:
the consumer will have the benefit of certa
excludable rights and remedies for those
goods or services; and
excludes or restricts or modifies any condition, warranty, right
or remedy available under the Australian Consumer Law.
If the Goods are not acquired for ordinary personal, domestic or household use under the
Australian Consumer Law, the Seller limits its liability for payment to the Customer (or any person
claiming through the Customer) of an amount equal to the lowest of:
supplying the services again;
the cost of replacing the goods or supplying equivalent goods;
the cost of repair of the goods;
the cost of having the goods repaired or replaced; or
are not capable of providing an appropriate remedy, to provide a refund equal
to the value of the Customer Request.
The Customer also acknowledges that if the ESA suffers a loss in connection with attending to
and servicing a request from the Customer that is not covered by:
a voluntary warranty; or
a statutory warranty under Australian Consumer Law,
the Customer must reimburse the Seller
for reasonable losses suffered and other costs incurred
in connection with attending to such requests.
The Customer indemnifies ESA and its Personnel (those indemnified),
from all Loss resulting
from any Claim that directly or indirectly arises
out of or in connection with;
a breach of
by the Customer;
the transmission of any Customer Requests or Agency Checks;
any negligent or fraudulent act, error or omission on the part of the Customer or its
loss of or damage to any
property or injury to or death of any person caused by any act or
omission of the Customer; or
any Claim by a third party against ESA relating to the Services or the subject matter of
The Customer’s indemnity under clause
is proportionately reduced to the extent that ESA
has caused or contributed to the Loss that is the subject of the Claim.
Termination and Suspension of Service
Termination by the LEC for conven
If the Customer is a LEC, the LEC may terminate
at any time, for convenience,
by giving ESA five business days’ notice in writing to that effect.
Termination by ESA
Notwithstanding any other provision in
, ESA reserves its right to withdraw or
suspend any Services for any reason that ESA deems appropriate.
ESA may, at its absolute discretion and without giving any reason, refuse to provide Services to
a Customer or any person or persons.
Termination by ESA for cause
immediately by notice to the Customer if;
the Customer commits any breach of
capable of remedy and the Customer fails to remedy the breach within 14 business
days after receiving written notice requiring
it to do so; or
incapable of remedy.
the Customer ceases to be able to pay its debts as they become due or fails to comply
with a statutory demand;
any step is taken by a mortgagee to take possession or dispose of the whole or part of the
, operations or business;
any step is taken to enter into any arrangement between the Customer and its creditors;
any step is taken to appoint a receiver, a receiver and manager, a trustee in bankruptcy, a
provisional liquidator, a liquidator, an administrator or other like person of the whole or part
of the Customer assets, operations or business;
the Customer disposes of the whole or part of its assets, operations or business other than
in the ordinary course of business;
the Customer ceases to carry on b
where the Customer is a partnership, any step is taken to dissolve that partnership; or
the ESA is satisfied on reasonable grounds that the Customer is unable or unwilling to
satisfy the terms of this Agreement.
does not affect ESA’s other rights under this Agreement or otherwise at law.
Termination of Website access
Access to the Website may be terminated at any time by ESA without notice. Any provisions of
that can survive termination will nevertheless survive any such termination.
Termination of Accredited Body’s Agreement with ACIC
ESA may terminate
this service or reduce the scope of the service (including by reducing or
Nationally Coordinated Criminal History Check
categories) by notice at any time,
as a result of a termination or reduction of Scope of ESA’s agreement with
will not be entitled to any compensation whatsoever including for loss of prospective
profits or loss of any benefits that would have been conferred on the LEC if the termination or
reduction had not occurred. ESA will only be liable for repayment of any
coordinated criminal history checks requested, and paid for, by the LEC prior to the effective date
does not affect ESA’s other rights under this Agreement or otherwise at law.
Consequences of Termination
On expiry or termination of
for any reason the Customer must;
promptly return or delete all materials, information and documentation provided to it by
ESA in connection with
refrain from accessing or using any ESA Systems (including the Web Tools), and ensure
that none of its Personnel access or use any of the ESA Systems
Subject to this Agreement, ESA may;
retain any Fees that have been paid to it;
terminate all means or modes of access and use of the ESA Systems by the Customer
and its Personnel; and be regarded as discharged from any further obligat
The Customer acknowledges and agrees that ESA may keep a reasonable number of copies of;
the Customer's Confidential Information disclosed to ESA under
the Customer Data, for record keeping and quality control purposes, to allow ESA to
comply with all applicable Laws.
Criminal History Check Disputes
Disputes arising from
the goods and services provided under this Agreement
are to be handled
by ESA in accordance with ESA’s ACIC Agreement.
The Customer agrees to provide ACIC with any information or materials reasonably requested
, in order to allow
to resolve any dispute between itself and ESA.
Terms and Conditions Disputes
applies only to disputes about
If the parties have a dispute about
or any dispute arising under this contract that
is not related
the Party claiming that there is a dispute will send the other Party a notice setting out the
nature of the dispute (
the Parties will try to resolve the dispute through direct negotiation, including by referring
the matter to persons who have the authority to intervene and direct some form of
Accrued Rights and Remedies
will not prejudice any right of action or remedy which may have
accrued to either party prior to such termination.
Notices and Other Communications
Service of notices
Except as otherwise provided under
, a notice, demand, consent, approval o
(Notice) must be;
in writing, in English and signed by a person duly authorised by the sender; and
hand delivered or sent by prepaid post or email to: PO Box 908, Maroochydore Q4556 OR
Effective on receipt
A notice given in accordance with this clause takes effect when taken to be received (or at a later
time specified in it), and is taken to be received;
delivered, on delivery;
if sent by email, two hours after the time that the email is sent (unless the sender receives
notification during that time that delivery of the email was not successful);
if sent by prepaid post, on the second Business Day after the date of posting (or on the
seventh Business Day after the date of posting if posted to or from a place outside
if sent by facsimile, when the sender's facsimile system generates a message confirming
successful transmission of the
ESA may embed, incorporate or use verification functionality or features with respect to Agency
Checks, which may include
the provision of
access to an online verification of the Agency Information contained in the
relevant Agency Check
other security or integrity measures as determined by ESA.
The Customer consents
and agrees that
such third party may also access the relevant Agency Information of the relevant individual
(being the subject of the Agency Check)
use such verification functionality or features with respect to Agency Check
The Customer agrees that providing such third parties with access to the relevant Agency
Information in accordance with such verification functionality or features is
reasonable, and required to maintain security and integrity of the relevant Agency Check.
The Customer must:
not provide use of the Service or access to Nationally Coordinated Criminal History Checks
any Police Information or Personal Information about a relevant person to an
overseas recipient unless the Customer has the prior approval of the relevant person;
act as if it were an APP Entity;
grant ESA a right of access to the Customer’s premises (and to data, records and other
material relevant to the use of the Service and the handling of Police Information, including
the right to copy), which ESA must exercise reasonably and subject to the
reasonable safety and security requirements;
will not submit to ACIC any request for a Nationally Coordinated Criminal History Check
unless it has collected the relevant person’s application and Informed Consent in accordance
with the requirements set out in ACIC national security and intelligence f
Limitations of Service
The Customer agrees that the provision of a Nationally Coordinated Criminal History Check to
the Customer is for use on the following conditions:
ACIC makes no representation or warranty of any kind in respect to accuracy;
ACIC does not accept responsibility or liability for any omission or error in the
Coordinated Criminal History Check
ACIC suspends or reduces ESA’s level of access to, or use of, the service; and
that suspension or reduction affects ESA’s ability to provide the Service to the
of access to, or use of, the
be suspended or reduced by ESA
Protection of Police Information and other Personal
The Customer acknowledges that its use of the
Service involves the collection, use and possible
disclosure by the Customer of Personal Information or Police Information.
The Customer must in its use of the Service;
collect, use or disclose Personal Information and Police Information only for the Nationally
Coordinated Criminal History Check Category and related administration;
not collect, transfer, store or otherwise use Police Information outside Australia, or allow
parties outside Australia to have access to Police Information, unless a Permitted Offshore
Transfer circumstance applies;
not disclose Police Information other than for the purpose for which the relevant person
gave Informed Consent unless it has the prior written approval of ACIC;
not commit any act, omission or engage in any practice which is contrary to Privacy Law;
not do any act or engage in any practice that would be a breach of
the Australian Privacy
Principles to the extent they are applicable
ds to keep Personal Information and Police Information
comply with any directions or guidelines in relation to the treatment of Personal Information
and Police Information, notified to the Customer by ESA; and
ensure that all Personnel who are required to deal with Personal Information and Police
Information are made aware of the obligations of the Customer set out in this clause.
The Customer must, on request by the ESA or ACIC, promptly provide ESA or ACIC with a copy
of the Customer’s privacy policy to the extent that it is required to have one.
The Customer must not alter the content of a Nationally Coordinated Criminal History Check
provided to the Customer by ESA or by ACIC, including;
any Police Information; and
any Personal Information
The Customer must destroy or securely dispose of all hard and electronic copies (including
backed up versions held on servers or other media) of each Nationally Coordinated Criminal
History Check within fifteen (15) months following the receipt of the nationally
criminal history check.
The Customer must notify ESA immediately if the Customer becomes aware of a breach or
possible breach of any of the obligations contained in or referred to in this clause
Audits and Access to Premises and Information.
ACIC may conduct audits relevant to the Customer’s compliance with this Agreement.
Audits may be conducted of:
the Customer’s operational practices and procedures as they relate to police checks.
the Customer’s compliance with its privacy and confidentiality obligations under this
Agreement including that the Nationally Coordinated Criminal History Check has been
used only for the Nationally Coordinated Criminal History Check Category; and
any other matters determined by ACIC to be relevant to the use of the Services or the
performance of the service.
The Customer must participate promptly and cooperatively in any audits conducted by ACIC or
Each Party must bear its own costs associated with any audits.
For the purposes of ACIC conducting audits under this clause 20 (5), the Customer must, as
required by ACIC or its authorised Personnel;
grant ACIC and its authorised Personnel access to the Customer’s premises and data,
records and other material relevant to the performance of this Agreement; and
arrange for ACIC and its authorised Personnel to inspect and copy data, records and other
material relevant to the performance of this service.
The rights referred to in this clause are, wherever practicable, subject to the Customer’s
reasonable security requirements or codes of behaviour, except where ACIC or its authorised
Personnel believes that there is a suspected or actual breach of law.
The rights of ACIC under this clause apply equally to;
General or a delegate of the Auditor
the Privacy Commissioner or a delegate of the Privacy Commissioner;
the Commonwealth Ombudsman or a delegate of the Commonwealth
the purpose of performing the Auditor-General’s, Privacy Commissioner’s or the
Commonwealth Ombudsman’s statutory functions or powers.
Access to Documents
If the Commonwealth receives a request for access to a document created by or in the
possession of the Customer that relates to the services provided by ACIC or ESA, they may at
any time by notice require the Customer to provide the document to ACIC and the Customer
must, at no additional cost to the Commonwealth or ESA, promptly comply
with the notice.
If the Customer receives a request for access to a document in its possession that relates to this
Service, the Customer must consult with ESA and ACIC upon receipt of the request.
ESA reserves the right to amend
from time to time
Amendments will be effective immediately upon uploading on the Website. The Customer’s
continued use of the Website (or submission of any Customer Requests) following such
uploading will represent an agreement by the Customer to be bound by
The Customer agrees that it is responsible for checking the Website and reviewing the latest
to ensure that it is satisfied with the terms and conditions as applicable
at any given tim
Approvals and consents
expressly states otherwise, a party may, in its discretion, give
conditionally or unconditionally or withhold any approval or consent under
may only assign its r
with the prior written consent of
Neither party is liable for any failure to perform or delay in performing its obligations under
if that failure or delay is due to anything beyond that party's r
This clause does not apply to any obligation to pay money.
The deadline for any obligation that is affected by the Force Majeure will be extended by a period
equivalent to the period for which the Force Majeure has prevented that obligat
Each party must do, at its own expense, everything reasonably necessary (including executing
documents) to give full effect to
and any transaction contemplated by it.
Any indemnity or any obligation of confidence under
is independent and survives
Any other term by its nature intended to survive termination of
Each clause of
and each part of each clause must be read as a separate and
If any provision is found to be void or unenforceable, that provision may be severed and the
will continue in force.
A party does not
waive a right, power or remedy if it fails to exercise or delays in exercising the
right, power or remedy.
A single or partial exercise of a right, power or remedy does not prevent another or further
exercise of that or another right, power or remedy.
A waiver of a right, power or remedy must be in writing and signed by the party giving the waiver.
If we waive any rights available to us under
on one occasion, this does not mean
that those rights will automatically be waived on any other occas
expressly states otherwise, it does not create a relationship of
employment, trust, agency or partnership between the parties.
Governing law and jurisdiction
are governed by the laws of Queensland, Australia, and each party irrevocably
and unconditionally submits to the non-exclusive jurisdiction of the courts of Queensland,
The Website may contain links to other websites (linked websites). Those links are provided for
convenience only and may not remain current or be maintained.
ESA is not responsible for the content or privacy practices associated with linked websites.
The links with linked websites should not be construed as an endorsement,
recommendation by ESA of the owners or operators of those linked websites, or of any
information, graphics, materials, products or services referred to or contained on those linked
websites, unless and to the extent stipulated to the contrary.
Attachment One (
In accessing the service, LECs must implement the security management measures set out in
Attachment Two to ensure against:
misuse, interference, loss, unauthorised access, modification or disclosure of a relevant
person’s Personal Information;
unauthorised access to and use of the service;
unauthorised access to Police Information in the Service Support National Police Checking
Service Support System (NSS); and
loss and unauthorised access, use,
modification or disclosure of Police Information stored
outside of NSS.
This information is provided to assist LECs to understand their obligations and comply with
’s security management standards.
Information Security Policy
The LEC must develop, document and maintain an Information Security Policy (
clearly describes how it protects information and which is consistent with this Agreement.
The Policy should be supported by the LEC’s senior management and be structured to include
any legal framework relevant to the Policy, such as the Australian Crime Commission Act 2002
(Cth) and this Agreement.
The Policy must include adequate details on how it is enforced through physical, technical and
administrative controls, including details on:
type or class of information that the Policy applies;
information security roles and responsibilities relating to the Service;
security clearance requirements and its Personnel’s responsibilities;
configuration and change control;
technical access controls;
networking and connections to other systems;
physical security (including media security); and
ICT environment must be secured in accordance with the Policy and should:
be protected by appropriately configured gateway environment (including firewalls);
include technical access controls protecting any National Police Information stored
y outside of NSS, for example, restricted file system permissions; and
maintain a static IP address to avail web services (if applicable).
Workstations and server infrastructure involved in the storage or processing of National
Information and Personal Information should be secured in accordance with the Policy and
run current and patched operating systems;
run current and patched software, including browsers (N-1 on browsers is acceptable
providing patching is ma
virus software application installed up
date virus definition files; and
run application whitelisting software (desirable).
Administrative or privileged access to infrastructure is to be minimised and only used when an
e function is required.
System accounts that are involved in the storage or processing of National Police Information
should be subject to a password policy that sets out;
no less than 10-character passwords including a minimum of one numerical and one upper
password reset cycle no longer than 90 days;
users to select strong passwords (avoid dictionary words);
ensure unused accounts are disabled and removed; and
computers lock after 15 minutes of inactivity.
Personnel involved in storage or processing of National Police Information and Personal
Information must be provided with the information security awareness training related to;
their responsibilities as defined in the Policy;
what constitutes authorised
access to information; and
their obligations with regard to reporting of information security issues or incidents.
Any information security issues or incidents must be reported immediately to ESA where the
consequence may impact or
has impacted on ESA or ACIC’s systems or information. This
includes loss or compromise of digital certificates or associated passwords.