Platforms

Security and verification advice.

TikTok

In April 2023, Cyber Security NSW issued a directive to remove the TikTok app from all NSW Government devices. Those who wish to use TikTok on a personal device must ensure no corporate data is accessed on the device. The directive from Cyber Security NSW follows a federal government mandate to remove TikTok from all Commonwealth Government-issued devices.

If there is a business need to use/continue to use TikTok as part of your role or for a marketing campaign, you will need to seek advice from your Information Security team.

In addition, a review, including a risk assessment, should be submitted to the Department of Customer Service Chief Information Security Officer (CISO) and the NSW Chief Cyber Security Officer, who can be contacted via email: dcs_ciso@customerservice.nsw.gov.au.

Employees are not able to use TikTok on corporate-issued devices, or on BYO devices (all personal devices used to access work platforms via a browser or app are considered BYO devices) where they also access corporate information, including Microsoft Outlook, Teams, and SharePoint. This ban includes opening the app, web browser or links associated with the social platform.

However, government employees can use TikTok on their personal devices provided the device does not contain corporate information.

Direction on TikTok application

More info – TikTok FAQs (PDF 157.45KB)

Twitter

Twitter changed its verification process in April 2023. It has replaced existing blue ticks for verified organisations/people with a subscription system where anyone who pays can receive a blue tick. This can open the door for fake and impersonation accounts. We have been advised that all NSW Government Twitter accounts are now eligible for a ‘government-specific’ verification via a grey tick. A grey tick is free and can be applied for here: https://help.twitter.com/en/forms/grey-checkmark-request/redirect. A grey tick is preferable to a blue tick as it is only issued to government organisations and not paying customers.

As part of your usual business process, we recommend regularly reviewing your agency's social channels. Your organisation should only be using Twitter if there is a unique or immediate need to be on the platform (for example, to communicate with an audience that is unique to the platform, to communicate timely or emergency information, or to connect with customers in a way that is specific to Twitter).

If you determine there is no longer a need for a Twitter account, don’t close the account. This would free up the username for anyone to register. Instead, we recommend that you create a pinned post using the wording below:
‘This is the official Twitter account for [name of agency]. We are no longer posting on this account, and it is not monitored. For updates, please visit our website.’
