Security measures

GovTEAMS is hosted on Microsoft Azure and Office365.

Finance has undertaken an IRAP assessment of GovTEAMS and accredited the system to hold information up to and including the OFFICIAL:Sensitive * classification. Documentation on which this accreditation is based is available on request from agencies who wish to do their own due diligence on the suitability of GovTEAMS.

GovTEAMS users can report security incidents via the online form.

*OFFICIAL:Sensitive prior to October 1, 2018 was UNCLASSIFIED (DLM)

Security policy

Finance undertakes a risk-based approach to ICT Security, including Cloud Security. Finance follows Commonwealth Government Guidelines as laid out in the Protective Security Policy Framework  and the Information Security Manual.

Specifically, GovTEAMS has developed the following:

• System Security Plan
• Security Risk Management Plan
• Incident Response Plan
• Standard Operating Procedures
• Finance also maintains logs of system usage and requires all users to accept the GovTEAMS Terms and Conditions on registration

How we protect you

• Data at rest within GovTEAMS is encrypted and stored in data centres within Australia. Data in transit is encrypted using TLS. For more information about technical security controls and system component location within GovTEAMS, agencies can contact govteams@finance.gov.au.
• Users login to GovTEAMS with Multi-factor authentication, greatly reducing the risk of compromised credentials. Regular checks are made to ensure users maintain their government issued email addresses.
• Core components of GovTEAMS are subject to the protection of contract terms and conditions between Microsoft and the Commonwealth. Microsoft also provide protection for the Office 365 technologies outlined here https://www.microsoft.com/en-us/trust-center/product-overview.