Principle three : ensure digital connectivity infrastructure is resilient and secure

This principle concerns the resilience and security of digital connectivity infrastructure or ‘plumbing’ and not end-user services, applications or their related data storage requirements. Digital connectivity infrastructure resilience and security should be considered on a risk assessment and business continuity management basis including the criticality and priority of the digital services it supports. 

Assess digital connectivity needs 

The purpose of the infrastructure will determine the resilience and security measures required to maintain operational continuity. This includes risk mitigation against service interruption or loss, diminished quality of service, infrastructure damage, unauthorised use and unauthorised access. 

There may also be legal or regulatory requirements regarding the security and resilience of the digital connectivity infrastructure. For example, the Security of Critical Infrastructure Act 2018 (Cth). 

• Resilience considerations 
• Security considerations 

Resilience considerations 

Areas to consider: 

• The likelihood and impact of damage to, or destruction of, the digital connectivity infrastructure and the services it delivers. 
• The time it would take to restore damaged or destroyed digital connectivity infrastructure.  
• Measures that may be implemented to ensure resilience of the digital connectivity infrastructure against potential disruptions or disasters. For example, redundancy and backup systems. 

Security considerations 

Areas to consider: 

• Specific security measures required by the physical digital connectivity infrastructure. 
• Physical security that may protect the digital connectivity infrastructure and its users from potential threats.