This is an HTML version of an attachment to the Freedom of Information request 'NDIS: Protective Security Policy Framework (PSPF) & Cybersecurity - obligated or not?'.


FOI 22/23-0830
 
5. Prior to this new found support and embracing of the PSPF, which specific security 
standards and framework did the NDIS/NDIA employ, attest to, report to the Attorney 
General's Department or provide guarantees, compliance or alignment with to any 
other Government/public entity? 
Please refer to response provided in Question 1.  
 
Furthermore, whilst the NDIA is not required to report, the Agency have elected to 
respond to the Attorney General's Department maturity assessment. This commenced 
from 1 July 2021 for the period 1 July 2020 to 30 June 2021. 
 
6. Please provide a copy of the requirement and approval for all these new, sudden 
cyber security roles. Has the threat changed? 
Please see documents 1 and 2 (see below).
 
7. How many NDIS staff, contractors, providers and participants have been affected or 
compromised as a result of the Medibank, Optus, Australian Clinical Labs, or any 
other data breach, compromise or hack? 
The NDIA is not responsible for the management of breaches by third parties.  Requests for 
information from third parties should be directed to impacted entities.  
 
 
From: [redacted], Bradford <[redacted]>
Sent: Tuesday, 11 October 2022 2:18 PM
To: [redacted], Nicholas <Nicholas[redacted]@ndis.gov.au>; [redacted], Glenn <Glenn.[redacted]@ndis.gov.au>
Cc: [redacted], Connie <[redacted]>
Subject: RE: EL1 Assistant Director CSOC Capability Development [SEC=OFFICIAL]
Thanks Nick,
The statements that have been added are very confusing and distract from the actual duties of
the role. I think having those statements will mean staff don’t apply because they think they have large
and wide-ranging responsibility outside their actual remit. I also believe some of the statements
are not true? I don’t think there will be any representation and negotiate on behalf of the NDIA
to advance the NDIA’s interests across a range of forums?
The EL1 Assistant Director CSOC Capability Development is accountable under broad
direction to undertake very complex work that delivers quality outcomes across the
functions of the NDIA.
The EL1 Assistant Director CSOC Capability Development is an important team leadership
position within the NDIA and will have delegated authority and responsibility to resolve
issues and risks across wide-ranging activities of substantial depth involving significant
detail. The role requires providing leadership, control, planning, resource management,
performance management and decision making for the Team Membership and assigned
Contractors working within the work area.
The position is responsible for actively managing key internal and external stakeholder
relationships and where required will represent and negotiate on behalf of the NDIA to
advance the NDIA’s interests across a range of forums.
Regards,
Bradford
Bradford [redacted]
Director, Cyber Security Operations
ICT Services Branch
Office of the Chief Information Officer
National Disability Insurance Agency
Canberra, ACT
Email: bradford[redacted]@ndis.gov.au
s22(1)(a)(ii) - irrelevant material
From: [redacted], Nicholas <Nicholas[redacted]@ndis.gov.au>
Sent: Tuesday, 11 October 2022 2:25 PM
To: [redacted], Bradford <Bradford.[redacted]@ndis.gov.au>; [redacted], Glenn <Glenn.[redacted]@ndis.gov.au>
Cc: [redacted], Connie <[redacted]>
Subject: EL1 Assistant Director CSOC Capability Development [SEC=OFFICIAL]
Hi Brad & Glen
Great to meet you both today and thank you for your time. Apologies, I don’t have the original