|
Getting your Trinity Audio player ready...
|
Police have confirmed significant progress on a six-month plan to strengthen IT system and device security, following a rapid review that found weaknesses in monitoring and oversight of staff use.
Chief Information Officer Matt Winter says the Police Executive Leadership Team approved a remediation plan with 26 actions to be implemented from July to December 2025.
“We prioritised measures that could be implemented quickly and would prevent staff accessing inappropriate content or detect instances where that had happened,” Winter says.
“Of the 26 actions, eight have been completed and the rest are on track for completion by the end of December.”
He says improvements have already identified a small number of cases of misuse and inappropriate content, which are now under investigation.
Police have released the action plan, with sensitive system security details redacted, and says progress is being overseen by the executive leadership team.
Key improvements include renewed audits of staff data and internet use, stronger website blocking and monitoring tools, tighter oversight of exemptions, better device management, and ongoing work to harden the police network against insider and external threats.
“Police have commenced random audits of staff use as well as a more targeted approach to detect attempts to access inappropriate content,” Winter says.
“The new monitoring and alerting approach has already been successful at identifying use of concern which is now under further investigation.”
Exemptions to web access controls now require Assistant Commissioner or Executive Director approval, while procurement of any non-standard devices must be cleared by the ICT team and Chief Security Officer.
The update follows a rapid review released on July 7, led by Police Commissioner Richard Chambers, which found that while Police had modern security controls and clear policies in place, stronger safeguards were needed around staff internet use, device oversight, and external network access.
At the time, Chambers directed the reintroduction of data-use audits, halted four to five years earlier and a full assessment of police-owned devices operating outside the main network.
He said the review made clear the current settings “were not robust enough and required urgent attention.”
