Robust management standards
The Queensland Integrity Commissioner, who administers the Integrity Act 2009, is a statutory office holder and officer of Queensland Parliament. The role of Integrity Commissioner involves:
- providing confidential advice on ethics and integrity matters to Ministers, members of the Legislative Assembly, ministerial employees, senior public servants, and other persons or classes of persons nominated by a Minister
- regulating lobbyist activity and maintaining the lobbyists register
- raising public awareness of ethics and integrity matters
- standard-setting on ethics and integrity matters at the request of the Premier.
The department maintains a register and reports lobbyist contact that occurs with any departmental representatives to the Integrity Commissioner. The department also provides advice, training and awareness to employees and manages conduct matters pertaining to conflicts of interest.
The department is committed to protecting the personal information it holds in accordance with its obligations under the Information Privacy Act 2009 (IP Act). The IP Act regulates how personal information is collected, stored, used, and disclosed by all Queensland Government agencies and their contracted service providers. In providing services, the department ensures that personal information is managed in a fair, secure and ethical manner.
In the 2019–20 financial year, the department refreshed the Information Privacy Plan and extended privacy training across the organisation through a new Accessing Customer Records training module. The online training module provides real life scenarios about accessing customer records, increasing the awareness of privacy protection, and ensuring that employees think about privacy when accessing and using personal information. The module was completed by 91.2 per cent of employees.
To ensure compliance with the Information Privacy Principles, the department continued to conduct Privacy Impact Assessments (PIA) to factor in privacy when planning and delivering projects which involve personal information. During 2019–20 the PIA template was updated to include the consideration of the risk management framework, helping employees to assess risks, make informed decisions, and confidently manage any identified privacy risks.
In March 2020, the department released the Information Management 2020–22 Strategy.
The four objectives are:
- information governance by design – implement value based, standardised, compliant and future focused controls
- information Assets Register activation as the single source of truth
- corporate knowledge building by improving the capability of custodians, managers, and operational roles
- further embed the paper-lite culture.
The department currently manages approximately 18.6 million public records, adding approximately 1 million electronic and 96,000 physical records per annum. Currently 80 per cent of these records are in a digital format.
Cyber Security – Information Security Plan
The department is heavily reliant on digital technologies, devices, applications, and business systems to deliver a range of core and critical services to customers and similar to all organisations, is becoming increasingly exposed to information security breaches and cyber threats.
It has a responsibility to comply with the Queensland Government Information Security Policy (IS:18) in relation to maintaining, securing technology investments, and effectively managing our significant information assets.
To achieve this, the department has implemented, and is continuing to mature, an Information Security Management System (ISMS) that conforms with the International information security Standard ISO/IEC 27001:2013. The ISMS forms the basis of the governance, processes, and controls necessary to ensure risks to systems and information are understood and effectively managed.
To mature its ISMS and improve its security posture, the department has embarked on a comprehensive program of work scheduled for completion by December 2021. This includes:
- enhancing the ISMS foundations to improve information and cyber security maturity and awareness
- implementing strategies and enhanced governance through policy, standards, and processes to effectively manage and respond to information security, and cyber risks
- establishing and implementing appropriate measures to monitor, continually improve, mitigate and manage information security, and cyber-attack risks by increasing resilience across the business
- releasing a mandatory department wide and annually renewed, Cyber Security Essentials online training course.
Queensland Procurement Policy
The department is the largest procurement agency in Queensland, and uses this position to drive government objectives, including value for money and supporting Queensland industries and suppliers, which are primary principles of the Queensland Procurement Policy (QPP).
The key principles at the centre of the QPP focus on putting Queenslanders first when securing value for money and ensuring that all procurement activities provide opportunities for local, regional, and Queensland suppliers—including Indigenous and social enterprises. It incorporates a range of local, social and innovative procurement objectives across its procurement activities.
The department relies on a range of businesses in regional centres across the state to provide the goods and services and deliver the capital works required across the agency from start-ups and small business to medium and large suppliers and understands how important it is to consider local conditions and supply market capacity as part of the overall process.
Table 12: Transport and Main Roads addressable spend with Aboriginal and Torres Strait Islanders, regional and Queensland vendors by financial year
|Total Addressable Spend
|Regional Spend as %
Data source: Aboriginal and Torres Strait Islander vendor list supplied by the Department of Aboriginal and Torres Strait Islander Partnerships. Regional and Queensland vendors identified by applying SAP Vendor Master Data.
Spend data sourced from TMR Spend Cube.