GovTEAMS is hosted on Microsoft Azure and Office365 which have been certified by the Australian Signals Directorate https://acsc.gov.au/infosec/irap/certified_clouds.htm.
Finance has undertaken an IRAP assessment of GovTEAMS and accredited the system to hold information up to and including the OFFICIAL: Sensitive * classification. Documentation on which this accreditation is based is available on request from agencies who wish to do their own due diligence on the suitability of GovTEAMS.
GovTEAMS users can report security incidents via the online form located in the top right-hand corner of the GovTEAMS Home page.
* OFFICIAL: Sensitive prior to October 1, 2018 was UNCLASSIFIED (DLM)
Finance undertakes a risk-based approach to ICT Security, including Cloud Security. Finance follows Commonwealth Government Guidelines as laid out in the Information Security Manual https://acsc.gov.au/infosec/ism/
Specifically, GovTEAMS has developed the following:
- System Security Plan
- Security Risk Management Plan
- Incident Response Plan
- Standard Operating Procedures
- Finance also maintains logs of system usage and requires all users to accept the GovTEAMS Terms and Conditions on registration.
How we protect you
- Data at rest within GovTEAMS is encrypted and stored in data centres within Australia.
- Users login to GovTEAMS with Multi Factor Authentication, greatly reducing the risk of compromised credentials.
- Core components of GovTEAMS are subject to the protection of contract terms and conditions between Microsoft and the Commonwealth. Microsoft also provide protection for the Office 365 technologies outlined here https://www.microsoft.com/en-us/trustcenter/cloudservices/office365.