Australian Government Architecture
Search

Type

Capability

Reference

.

Mandate

Endorsed

Secure data exchange

Definition

Secure data exchange ensures the safe and efficient transfer and management of large volumes of information within a Commonwealth entity, between entities, or involving external organisations and end users.

Such systems are designed to govern and facilitate these data movements by employing measures like authentication, encryption, access controls and metadata management. These mechanisms work together to maintain security, regulatory compliance and operational integrity throughout the exchange process.

Purpose

Secure data exchange protects enterprise-wide data flows by defining entry and exit points to maintain data integrity and support effective data governance. It also offers a greater level of security and compliance across complex high-volume exchanges than ad hoc file transfers or report sharing.

As a capability, Secure data exchange is realised by:

  • establishing standardised protocols and controls to ensure all large data exchanges across government and external partners are conducted in a secure, reliable and auditable manner
  • using encryption, authentication and access controls to protect the confidentiality, integrity and availability of data during exchange processes
  • enabling structured and controlled communication between systems to authenticate and authorise users, encrypt the exchanged data, protect against concerns such as denial-of-service (DoS) attacks or system overload. This can include prioritising the use of application programming interfaces (APIs)
  • embedding zero trust security practices that adopt the core principle ‘never trust, always verify’ through continuous verification, managing right permissions, identity and access management, cyber resilience and safeguarding sensitive information
  • promoting interoperability with other systems and compliance with legislation and standards by enabling efficient, secure and transparent data sharing practices
  • using appropriate risk management frameworks to identify, assess and mitigate potential security and operational risks associated with data exchange, ensuring resilience and trust in government data sharing practices.

Objectives

The objectives of this information, including the associated Secure data exchange policy and Secure data exchange standard, are to:

  • support entities to safeguard sensitive government information by implementing secure, standardised data exchange practices that ensure confidentiality, integrity and availability of necessary information
  • support seamless and secure data sharing across government entities by informing entities about the adoption of interoperable and well-governed data exchange methods
  • help entities to comply with regulatory and legislative requirements by aligning data exchange practices with established policies and standards
  • promote best practices in secure data exchange, equipping entities with the knowledge to make informed investment decisions and implement effective solutions
  • assist entities to maximise efficiency and minimise risks by leveraging existing secure data exchange investments, implementations and lessons learned to support sustainable and scalable solutions.

Whole-of-government applicability

Commonwealth entities using secure data exchange practices should be aware of whole-of-government strategies that provide direction for this capability. These include the following instruments:

The 2023-2030 Australian cyber security strategy is a roadmap to realise the Government’s vision of becoming a world leader in cyber security by 2030. The capability of secure data exchange supports its agenda through:

  • ensuring that secure data exchange considerations are incorporated into the design, development, and deployment of applications across the Australian Public Service
  • preventing vulnerabilities, reducing the risk of security breaches, and protecting sensitive data and systems.

The Data and digital Government strategy sets a 2030 vision to deliver simple, secure and connected public services for all people and businesses, through world class data and digital capabilities. With data being one of the most valuable assets the government holds, secure data exchange plays a pivotal role in supporting Data and digital Government strategy, by enabling trusted, efficient and interoperable data flows across government systems. The secure data exchange capability supports the following Data and digital Government strategy missions:

  • Simple and seamless services: Secure data exchange enables real-time data sharing between entities, reducing duplication and manual input for users. It also supports automated workflows and facilitates cross-agency collaboration through integrated platforms.
  • Trusted and secure: Secure data exchange elevates public trust in digital services, as it ensures data integrity and confidentiality. By ensuring compliance with privacy and security standards, government is reinforcing its commitment to safe and ethical data use. Lastly, robust access controls help with minimising risks of unauthorised access or data breaches.

Domains

This capability is part of the following domain.
DOM8

Integration and interoperability

Policies

The following policies have requirements that impact this capability.
Secure Data Exchange policy (Position)
POL15
Mandate: Unendorsed
Status: Consulting

Designs

The following designs include examples of how digital solutions in this capability can be delivered.

Intra-government Communications Network (ICON)

DES170

Lead Agency: Department of Finance

Technology Type: Infrastructure

The Intra-government Communications Network (ICON) provides an unmetered and cost-effective telecommunication service, connecting over 130 Australian Government agencies and service providers, through approximately 3800 point-to-point fibre optic links within the Australian Capital Territory.

Strategic Alignment

Digital solutions in this capability can support the following strategies.

2023-2030 Australian Cyber Security Strategy

Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page www.architecture.digital.gov.au/contact-us.