The Queensland Government’s cyber security is only as strong as its most vulnerable third-party provider. Since most entities outsource some information and communications technology (ICT) services, such as hardware supply, hosting, or software, they must assess and monitor their providers' security to protect their own systems and service delivery. Factors like poor security, external influence, and lack of transparency from the third party can potentially increase vulnerabilities.
Who we plan to audit
- selected public sector entities and local governments.
Other entities who may form part of this audit include:
- Department of Customer Services, Open Data and Small and Family Business
- Department of Housing and Public Works.
Audit Objective
In this audit, we will examine how effectively selected public sector entities identify and manage cyber security risks posed by third-party vendors.
Area of focus
Digital
Parliamentary Committee
Local Government, Small Business and Customer Service Committee