This policy ensures all South Australian Government agencies protect their information assets from compromise. It outlines the South Australian Information Classification System (ICS) and associated guidance which all agencies must use to protect the confidentiality, integrity and availability of all official information. The requirements of this policy are designed to mitigate against both intentional and accidental threats and reduce the impact on government business.
Protect official information against compromise*.
*Information compromise includes, but is not limited to: loss, misuse, interference, unauthorised access, unauthorised modification, and unauthorised disclosure.
To protect official information against compromise, agencies must:
- determine the appropriate classification and any protections that apply to official information
- set the classification at the lowest reasonable level to protect against compromise to the confidentiality, integrity or availability of all official information
- ensure all sensitive and security classified information (including emails) are marked with the correct protective markings
- apply the South Australian Recordkeeping Metadata Standard to ensure metadata reflects any protective markings
- ensure all information is handled according to the classification and protective markings assigned to that information
- seek permission from the information originator to make changes to the classification or protective markings
- ensure processes for transferring or transmitting sensitive and security classified information deter and detect compromise
- ensure sensitive and security classified information is stored securely in an appropriate security container for the approved security zone
- ensure sensitive and security classified information is disposed of securely
- be responsible for caveated and accountable material.