Policy

  1. This policy ensures all South Australian Government agencies protect their information assets from compromise. It outlines the South Australian Information Classification System (ICS) and associated guidance, which all agencies must use to protect the confidentiality, integrity and availability of all official information. The requirements of this policy are designed to mitigate against both intentional and accidental threats and reduce the impact on government business.

Protect official information against compromise [1]

[1] Information compromise includes, but is not limited to loss, misuse, interference, unauthorised access, unauthorised modification, and unauthorised disclosure

  1. To protect official information against compromise, agencies [2]must:
    1. determine the appropriate classification and any protections that apply to official information
    2. set the classification at the lowest reasonable level to protect against compromise to the confidentiality, integrity or availability of all official information
    3. ensure all sensitive and security classified information (including emails) are marked with the correct protective markings
    4. apply the Minimum Recordkeeping Metadata Requirements Standard to ensure metadata reflects any protective markings
    5. ensure all information is handled according to the classification and protective markings assigned to that information
    6. seek permission from the information originator to make changes to the classification or protective markings
    7. ensure processes for transferring or transmitting sensitive and security classified information deter and detect compromise
    8. ensure sensitive and security classified information is stored securely in an appropriate security container for the approved security zone
    9. ensure sensitive and security classified information is disposed of securely
    10. be responsible for caveated and accountable material.

[2] This policy applies to all South Australian public sector agencies (as defined in section 3(1) of the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”.

Guidance

  1. Official information is all information created, sent and received as part of work of the South Australian Government. This information is an official record, and it provides evidence of what an agency has done and why. All official information must be protected according to the business impact that compromise of the information could cause from intentional or accidental threats.
  2. Determining the appropriate classification of information in the South Australian Government promotes responsible management of information, open and transparent government and accountability for policies and practices that inappropriately or incorrectly classify information.

  1. Classification enables agencies to protect their information in a consistent, organised and appropriate way. Table 1 lists the classifications that have been approved for use in the South Australian Government.
UNOFFICIAL UNOFFICIAL can be used for non-work related information. Use of the protective marking is optional, but may be required by ICT systems (e.g., emails).
OFFICIAL OFFICIAL describes routine information created or processed by the South Australian Public sector with a low business impact. Use of the protective markings is  optional, but recommended, and may be required by ICT systems (e.g., emails).
OFFICIAL:Sensitive [3]OFFICIAL: Sensitive identifies sensitive but not security classified information. It is a single dissemination limiting marker (DLM) which indicates that compromise of the information may result in limited damage to an individual, organisation or government generally. Use of the protective marking is mandatory.
PROTECTED [4]PROTECTED is a security classification which indicates that compromise of the information may result in damage to the state or national interests, organisation or government generally. Use of the protective marking is mandatory.
SECRET [4]SECRET is a security classification which indicates compromise of the information may result  in serious damage to the state or national interests, organisations, or individuals. Use of the protective marking is mandatory.
TOP SECRET [4]TOP SECRET is a security classification which indicates compromise of the information may result in exceptionally grave damage to the state or national interests, organisations, or individuals. Use of the protective marking is mandatory.
  1. The information’s originator is responsible for assigning the classification level, all protective markings and any additional handling instructions. The more valuable, important or sensitive the information is assessed to be, the greater the consequences could be. The potential consequences to individuals, organisation or the government caused by compromise of the information’s confidentiality determines its classification.
  2. Sometimes, not all the information in a document has the same classification. In these instances, the document must be classified according to the most sensitive or security classified information (see section 28. Paragraph grading indicators for more information).
  3. Annex Table 1 provides examples of the potential business impacts from compromise to the confidentiality of official information. The BIL tool should be used to help achieve consistent classification of information across the South Australian Government. [5] The BIL tool is consistent with the Commonwealth PSPF.
  4. The BIL tool can also be used for secondary assessments of the potential consequences from compromise of the availability or integrity of the information. If compromise to the integrity or availability is assessed to have a higher impact than compromise of the confidentiality, additional security measures (such as ICT, personnel or physical controls) may be warranted.

[3] Examples of OFFICIAL: Sensitive information may include:

  • official information governed by legislation that restricts or prohibits its disclosure, imposes certain use and handling requirements, or restricts dissemination (such as information subject to legal professional privilege, patient/practitioner confidentiality or some types of ‘personal information’, as covered in Premier’s Circular PC012 Information Privacy Principles (IPPS) Instructions that may cause limited harm to an individual if disclosed or compromised). Where compromise of personal information, including sensitive information would lead to damage, serious damage or exceptionally grave damage, this information warrants a security classification. Although some personal information would not be considered sensitive for the purposes of this policy, the assessment of the damage to the individual caused by compromise may warrant the higher classification.
  • commercial or economic data that, if compromised, would undermine a South Australian organisation or company, and/or provide an unfair economic advantage.
  • information that, if compromised, would impede development of government policies.

[4] Information classified at this level is considered security classified and must be handled in accordance with the requirements set out in this policy, including the for the user to be appropriately security cleared and need to know that information.

[5] The BILs are not intended to be proscriptive, but rather can be used to help determine the appropriate classification

  1. The originator must set the classification at the lowest reasonable level to enable information to be accessed by the highest number of people with an identified need-to-know. This requirement also helps to reduce over-classification of official information.
  2. Over-classification can result in access to official information being unnecessarily limited or delayed, onerous administration and procedural overheads which add to costs and classifications being devalued or ignored by staff and recipients.
  3. The originator must not apply sensitivity or security classified markings to information where it:
    1. restrains competition
    2. hides violations of law, inefficiency, or administrative error to prevent embarrassment to an individual or agency
    3. prevents or delays the release of information that does not need protection in the state or national interest.

  1. A caveat is a warning that the information contained has special protections in addition to those indicated by the classification [6]. There are four broad types of caveat:
    1. sensitive compartment information (codeword) [7]
    2. foreign government markings
    3. special handling instructions
    4. releasability caveats
  2. Accountable material is information requiring strict control over its access and movement. Accountable material includes:
    1. TOP SECRET security classified information
    2. some types of caveated information, being:
      1. all codeword information
      2. select special handling instruction caveats, particularly SA CABINET material at any classification
      3. any classified information designated as accountable material by the originator [8]
  3. All agencies must be responsible for caveated or accountable material in accordance with the originator’s special handling requirements.
  4. Using caveats

  1. The special handling requirements of a caveat apply in addition to the classification’s handling requirements. Caveats must not be removed or changed without approval of the information’s originator.
  2. Table 1 outlines the types of caveats that may be encountered, or required, in the South Australian Government [9]. See section 20. Protections for official information for guidance on how to apply caveats correctly.

Table 1 - Types of caveats

Caveat typesCaveatWhat kinds of information does this type of caveat cover?What special handling requirements does this caveat impose?

Special handling instructions

Special handling instructions indicate particular precautions for information handling.

SA CABINET

The SA CABINET caveat identifies any material that:

  1. is prepared for the purpose of informing the South Australian Cabinet
  2. reveals the decisions and/or deliberations of the South Australian Cabinet
  3. is prepared by departments to brief their ministers on matters proposed for South Australian Cabinet consideration
  4. has been created for the purpose of informing a proposal to be considered by the South Australian Cabinet.
The South Australian Cabinet Handbook specifies handling requirements for South Australian Cabinet documents. This includes applying a classification of at least OFFICIAL: Sensitive to all South Australian Cabinet documents and associated records.

EXCLUSIVE FOR (named person)

The EXCLUSIVE FOR caveat identifies material intended for access by a named recipient only.

Access to EXCLUSIVE FOR material is limited to a named person, position title or designation. A classification of at least OFFICIAL: Sensitive must be applied.

NATIONAL CABINET

The NATIONAL CABINET caveat identifies any material that:

  1. is prepared for the purpose of informing the National Cabinet
  2. reveals the decisions and/or deliberations of the National Cabinet
  3. is prepared by departments to brief their ministers on matters proposed for the National Cabinet consideration
  4. has been created for the purpose of informing a proposal to be considered by the National Cabinet.

The Commonwealth’s Cabinet Handbook specifies handling requirements for Cabinet documents. Information marked with the NATIONAL CABINET caveat is to be handled in accordance with Cabinet conventions and within legal frameworks and processes such as Freedom of Information, parliamentary inquiries, and judicial processes. This caveat can be applied to information marked as OFFICIAL: Sensitive or with a security classification.

Access to information marked NATIONAL CABINET must be consistent with the handling requirements of the classification and any additional protective markings.

Releasability caveats

Releasability caveats limit access to information based on citizenship.

Agencies may need to be aware of releasability caveats which are primarily used within the national security community.

Releasability caveats appear only with security classifications (PROTECTED or higher)

There are three (3) releasability caveats used across government:

Australian Eyes Only (AUSTEO)

The AUSTEO caveat indicates only Australian citizens can assess the information. Additional citizenships do not preclude access.

Information marked AUSTEO is only passed to, or accessed by, Australian citizens.

While a person who has dual Australian citizenship may be given AUSTEO-marked information, in no circumstance may the Australian citizenship requirement be waived.

Australian Government Access Only (AGAO)

In limited circumstances, AGAO is used by National Intelligence Community (NIC) agencies.Non-NIC agencies must handle AGAO material as if it were marked AUSTEO.

Releasable To (REL)

The Releasable To (REL) caveat identifies information that has been released or is releasable to the indicated foreign countries only [10]

For example, REL AUS/CAN/GBR/NZL/USA means that the information may be passed to citizens of Australia, Canada, United Kingdom, New Zealand and the United States of America only.

The caveat is an exclusive marking that disqualifies a third-party national seconded or embedded in a foreign government entity from accessing the information.

Foreign government markings  Foreign government markings are applied to material created by Australian agencies from foreign source information.

If an agency receives foreign government marked information, agencies must apply the South Australian Protective Security Framework (SAPSF) policy Security governance for international sharing.

Agencies must safeguard foreign government marked information to at least the equivalent to that required by the foreign government providing the information.

[6] Caveats are not a classification and must only appear with an appropriate classification marking.

[7] A codeword indicates the information is of sufficient sensitivity that it requires protection in addition to that offered by a security classification. Access is controlled by strict need-to know requirements. Use of codewords is primarily within the national security community and the meaning is unrelated to the subject of the information. If an agency receives codeword information in any form, agencies must seek specific guidance from the originating entity.

[8] Accountable material may vary from agency to agency and could include material such as budget papers, tender documents and sensitive ministerial briefing documents.

[9] Additional guidance on the use of caveats, including the types that may be encountered on Australian Government material, is available in the Sensitive Material Security Management Protocol and the Security Caveat Guidelines, which can be accessed via GovTeams.

[10] Nationalities are identified using three letter country codes from International Standard ISO 3166-1:2020 Codes for the representation of names of countries and their subdivisions – Alpha 3 codes.

  1. Information Management Markers (IMM) [11] are optional markings agencies may choose to use to help manage the security of and access to information classified OFFICIAL: Sensitive of higher. The IMMs can be used to help agencies and users to identify the type of information contained. See section 20. Applying protective markings for guidance on how to apply IMMs correctly.
  2. The four IMMs designated for use in South Australia are:
Legal privilegeRestrictions on access to, disclosure or use of, information covered by legal professional privilege
Legislative secrecyRestrictions on access to, disclosure or use of, information covered by legislative secrecy provisions
Personal privacyRestrictions, under the Premier’s Circular PC012 Information Privacy Principles (IPPS) Instructions, on access to, disclosure or use of, personal information collected or received
Medical in confidenceRestrictions on access to, disclosure or use of, information covered by practitioner/patient confidentiality or legislative requirements

[11]  IMMs are not classification and must only appear with an appropriate classification marking

Applying protective markings

  1. Agencies must use protective markings to indicate to users and systems the information’s classification and any additional handling requirements. Protective markings help users (as a visual mark) and systems (e.g., agency’s email gateway) control the distribution of information.
  2. The originator must clearly identify sensitive and security classified information by using the appropriate protective markings.
  3. The types of protective markings, and their order of precedence are:
    1. classification
    2. foreign government information markings (if any)
    3. caveats or other special handling instructions (if any)
    4. information management markers (optional, if any)
  4. UNOFFICIAL is an optional marking that may be used to identify information generated for personal or non-work-related purposes (marking may be required on some ICT system e.g., email).
  5. OFFICIAL describes routine information produced or processed by the public sector. Use of the OFFICIAL marker is optional and may be used to identify official information that is not sensitive, or security classified purposes (marking may be required on some ICT system e.g., email). OFFICIAL indicates the information requires no specific protections and no consequences are caused by its public release.

Agency specific and other protective markings

  1. Agency specific and other protective markings are not recognised by this policy. A standard set of markings ensures common understanding, consistency and interoperability across systems and government entities. Creation of markings outside this policy may confuse users about appropriate handling protections and increase the likelihood of compromise.

Text-based protective marking

  1. Text-based protective markings are the preferred method to identify sensitive or security classified information and additional handling requirements.
  2. Text-based protective markings should be:
    1. in capitals (other than for DLMs and IMMs), in a large, plain text font, in a distinctive colour (red preferred)
    2. centred and placed at the top and bottom of each page
    3. separated by a double forward slash(//) to help to clearly differentiate each marking.

For example:

Text based protective marking in large, bold, capitalised, red text and centered on page

Paragraph grading indicators

  1. Paragraph grading indicators are useful where there is a need to identify the classification of individual paragraphs or sections, in addition to the documents overall classification and protective marking (the paragraph or section with the highest classification within the document dictates the document’s overall classification and protective markings). Paragraph grading indicators are optional.
  2. It is recommended that paragraph grading indicators appear:
    1. in the same colour as the text of the document
    2. in brackets () at the start or end of each paragraph or in the margin adjacent to the first letter of the paragraph
    3. written in full, or abbreviated by the first letter(s) of the markings, as follows:
      1. (UO) for UNOFFICIAL
      2. (O) for OFFICIAL
      3. (O:S) for OFFICIAL: Sensitive
      4. (P) for PROTECTED
      5. (S) for SECRET
      6. (TS) for TOP SECRET

Colour-based protective marking

  1. For security classified information, if text-based protective markings cannot be used (e.g., certain media or assets e.g., USB key), the following colour-based protective markings must be used [12].
  2. PROTECTED

    BLUE

    R79, G 129, B 189
    SECRET

    SALMON (PINK)

    R 229, G 184, B 183
    TOP SECRET

    RED

    R 255, G 0, B 0
  1. There are no requirements to use RGB colour markings for OFFICIAL: Sensitive information, although, if required, a yellow colour should be used.
  2. Annex Table 2 aligns each classification to its BIL, definition, protective marking, handling, and access instructions.

Protective marking in metadata

  1. Within information on ICT systems, text-based protective markings are supplemented by metadata which assist to describe the security characteristics of the information or document.
  2. For consistency, State Records produced the Minimum Recordkeeping Metadata Requirements Standard in 2020 which provides standardised metadata terms and definitions for consistency across government. The Standard identifies the metadata properties essential for agency management and use of business information, including the appropriate application of South Australia’s Information Classification System (ICS) as outlined in the SAPSF.
  3. All agencies must apply the Standard to ensure agency records are managed according to best record management practices, as per the State Records Act 1997.
  4. The metadata of information on ICT systems must identify:
    1. the classification of the information
    2. the properties of any caveat used
    3. the ‘rights’ property (IMMs) [13]

Protective marking in email

  1. The preferred approach for marking email is to apply the protective markings to the internet message header extension, consistent with the Email protective marking standard, which provides guidance for applying protective markings (and, where relevant, information management markers) on emails exchanged within, between and outside of South Australian Government agencies.
  2. All agencies must ensure that where emails are printed, classification protective markings are still visible.

Limiting access to sensitive and security classified information

  1. Most official information can be shared, where required. Agencies must make official information available to those with a need-to-know (NTK). Applying the NTK principle reduces the risk of unauthorised access or misuse of information.
  2. For information identified as security classified, an appropriate security clearance [14]must be obtained in addition to NTK.
  3. Record of dissemination - audit, logs and Classified Document Registers

  4. Highly classified information (TOP SECRET information or accountable material) must be monitored via an auditable register (e.g., Classified Document Register) to keep track of incoming and outgoing material, access, transfers or copying of that material.

[12] The colour-based markings use the RGB (Red, Green, Blue) model. The RGB values listed for security classified information should be used, unless the exact values cannot be applied.

[13]  While the use of IMMs is optional, the metadata must identify when a rights property has been used, such as an IMM.

[14] For guidance on obtaining a personnel security clearance, see in the SAPSF policies Recruiting employees and Accessing official information

  1. Access to, and use of, official information must maintain the protections required by the classification assigned to it. This requirement extends to the physical environment the information is being used in, in addition to any handling instructions mandated by the classification.
  2. When sensitive and security classified information is being used (e.g., able to be read, viewed, heard or comprehended) it may be at a higher risk of compromise, depending on the physical environment it is being used in. Agencies must minimise the risks of compromise by combining the required protections and controls of this policy, with the required physical security measures of SAPSF policy Physical security.
  3. In conjunction with those controls and measures, it is imperative that employees demonstrate good security practices and awareness when using sensitive and security classified information, including:
    1. remaining vigilant and aware of their environment, including awareness of who might have access to that environment and to information they are not authorised to access.
    2. selecting work environments based on their suitability to use the required information
    3. taking all necessary or available steps to reduce the risk of unauthorised access, use or removal of information
    4. correct physical handling procedures when information is being carried or not in active use.

Working away from the office

  1. Any work undertaken away from an agency’s facilities is considered ‘away from the office’, which includes mobile computing, communications and teleworkers. Physical security requires that all agencies must consider what security measures are required to enable employees to work securely away from the office. This includes the use and/or storage of sensitive or security classified information.
  2. Working away from the office includes:
    1. another agency or entity’s facilities
    2. private homes (e.g., for regular ongoing or occasional home-based work)
    3. public spaces
    4. facilities overseas
  3. This requirement must also extend to ensuring employees are able to securely transport sensitive and security classified information between locations or to another individual (see Transmitting or transferring sensitive and security classified information, or physically removing it from agency facility) and store appropriately when not in use (see Storing sensitive and security classified information).
  4. The employee that removes the sensitive or security classified information from an agency’s facilities is then responsible for handling the information in accordance with the protections required by the classification and location.
  5. See Annex C: Table 3 for the minimum protections for information transmission and transfer when working away from the office.

Mobile computing and communication

  1. Mobile devices such as laptops, tablets and smart phones all enable work to be undertaken away from entity facilities due to their portable nature. While these devices can be significant business enablers, there is a significant risk associated with their use that must be addressed. Employees must consider and demonstrate the same level of good security practice and awareness when using mobile devices to access and undertake official business.
  2. Agencies must ensure that the use of privately-owned devices does not present an unacceptable security risk, and it is recommended that their use be avoided, where possible. Further guidance on mobile device security is available in the South Australian Cyber Security Framework (SACSF).

Using official information during official travel outside Australia

  1. Travel outside Australia for official purposes presents additional risks to employees, official information and assets. Agencies are responsible for implementing policies and procedures that mitigate any risk posed by travel outside Australia to employees and any sensitive or security classified information they may be travelling with, including mobile devices or media containing such information.
  2. It is recommended that agencies consider providing location-specific advice and consult with relevant authorities prior to travelling, such as the Office of the Chief Information Officer (OCIO), South Australia Police, the Department of Foreign Affairs and Trade or the Australian Security Intelligence Organisation, especially where identified risks cannot be appropriately mitigated.
  3. Personnel undertaking overseas travel for offiicial purposes must complete a Post-Travel Security Report and submit to SAPSF@SA.GOV.AU within 7 days of returning.

  1. Information may sometimes require modification (sanitising) to allow it to be shared more widely. The classification of information may be changed by the originator by editing, disguising or altering information to allow greater sharing. Elements that need to be protected when sanitising information include intelligence, sources, methods, capabilities, analytical procedures or privileged information. Once the content has been sanitised, the information can be declassified or reclassified.
  2. The originator of the information remains responsible for sanitising, reclassifying or declassifying.

Determining when to declassify

  1. Information declassification may take place when the information is no longer expected to cause the consequences as originally assessed in the classification.
  2. Under the State Records Act 1997, the originator is responsible for determining when records in the custody of the archive become publicly accessible. The originator should consider the period of time the information might be expected to have consequences and assign an appropriate timeframe to avoid information remaining restricted or classified.
  3. State Records of South Australia provides guidance to determining the appropriate timeframe under the Public Access Determinations.

  1. The risk of compromise increases when sensitive and security classified information is in transit (e.g., sent across the internet or between physical locations) and when an agency does not have control over the entire transmission network. As such, agencies must only transmit or transfer information for official purposes and must use transmission means which deter and detect compromise.
  2. NTK must be applied when transmitting or transferring sensitive and security classified information. Recipients must also hold the appropriate security clearance, where required.
  3. Agencies should identify recipients of sensitive and security classified information by:
    1. the specific position, appointment or named individual [15]
    2. a full location address (e.g., not a post office box for physical delivery as this may be unattended)
    3. an alternative individual or appointment where relevant (e.g., TOP SECRET or accountable material)
  4. The sensitivity or classification of information being transmitted or transferred should be obscured and a tamper-evident seal used to deter and detect unauthorised access. This can be achieved by:
    1. using appropriate encryption methods [16] for transferring information over a public network or though unsecured spaces
    2. double envelopes for physical information by placing security classified or accountable material inside two sealed envelopes:
      1. the inner envelope must give evidence of tampering, e.g., by sealing with a Security Construction and Equipment Committee (SCEC)-approved tamper evident seal [17]. The classification should be marked conspicuously on the inner envelope.
      2. The outer envelope protects the inner envelope. This envelope should not be marked with the classification or other protective markings.
    3. single use envelopes approved by SCEC for:
      1. an inner envelope
      2. single opaque envelopes in place of envelope
      3. an outer envelope used to enclose a number of inner envelopes where initial delivery will be to a registry or similar
    4. a single paper envelope in conjunction with a security briefcase [18] or approved multi-use satchels, pouches or transit bags [19]

Transferring information via devices

  1. Devices such as laptops, mobile phones and USBs can be used to transfer and transmit information. The requirement to deter and detect information compromise applies to sensitive and security classified information transferred on such devices. Multi-factored authentication, password protection and remote wiping capabilities should be considered. For more guidance refer to the SACSF.
  2. Methods to control the transmission and transfer of information include:
    1. use of receipts:
      1. Receipts should identify the date and time of dispatch, the sender’s name and a unique identifying number. Receipts should be used for transmission or transfer of all classified information.
      2. If using receipts, agencies should have a receipt system to record every handover of information (e.g., two-part receipt placed in the inner envelope with the information, allowing the addressee to keep one part and return the other to the sender).
    2. safe hand:
      1. safe hand means information is given to the addressee in the care of an authorised person or succession of authorised people who are responsible for the safe carriage of the information.
      2. sending information via safe hand establishes an audit trail that provides confirmation that the addressee received the information and helps to ensure the item is transferred to its intended destination. Each handover should include a receipt showing the unique identifying number, time and date of the handover, and the name and signature of the recipient.
      3. to send information via safe hand, agencies must:
        1. assign a unique identification number (generally a receipt number)
        2. transfer in a security briefcase18 or approved mailbag19
        3. ensure information is not left unattended (except when in the cargo compartment of an aircraft)
    3. carriage by a SCEC-endorsed commercial courier:
      1. a number of commercial courier services have been endorsed by SCEC. Contact ASIO-T4 by email t4ps@t4.gov.au or see the ASIO-T4 Protective security circular (PSC) 172 for advice on SCEC endorsed commercial couriers.
      2. Commercial couriers can be useful in transferring valuable material such a pharmaceuticals and money (note SCEC-endorsed couriers are not assessed for the transfer of these items. Special arrangements, such as armed escorts, may be necessary in certain circumstances.
      3. Special handling requirements may apply to caveated information. This may preclude the use of a commercial courier when using certain caveats.
  3. Transmission or transfer of official, but not sensitive or security classified information is on a common-sense basis. While not required by this policy, agencies should transfer or transmit information by means which deter and detect compromise.
  4. Annex Table 3 provides information on the minimum protections for information transmission and transfer.

[15]  The EXCLUSIVE FOR caveat may be used if the information is classified OFFICIAL: Sensitive or above.

[16] For information on cryptography, see the SACSF

[17] see the SCEC-approved security equipment evaluated product list

[18] refer to the SCEC-Security Equipment Guide of Briefcases for the carriage of security classified information

[19] see the SCEC-approved security equipment evaluated product list

  1. The Australian Government Information Management Standard requires that agencies ensure their information assets are accessible for as long as needed and are shared appropriately (subject to access, security and privacy rules) within a protected and trusted environment.
  2. It is expected that all agencies implement information classification practices and protective marking procedures that recognise and indicate the protections information requires, and that those protections are removed as soon as they no longer apply, when the sensitivity or need for security classification diminishes.
  3. All agencies must store information securely and preserve it in a usable condition for as long as required for business needs and community access. A secure and suitable storage environment is one that prevents unauthorised access, duplication, alteration, removal and destruction.
  4. When sensitive and security classified information is unattended or not in use, it is considered stored, and must be secured in an appropriate security container for the approved security zone. This requirement extends to mobile devices holding sensitive or security classified information. It is recommended that encryption16 is active when mobile devices are not in use.
  5. Annex Table 4 provides guidance on the minimum use and storage requirements for sensitive and security classified information, while further guidance on physical security zones can be found in SAPSF policy Physical security.

Clear desk, end session and screen locking procedures

  1. It is recommended that all agencies implement clear desk, end session and screen locking procedures to mitigate the risk of compromise to unattended information or resources. Such procedures require employees to secure all hard-copy documents, ensure access to sensitive and security classified information is disabled (e.g., closing/locking security containers, logging out of secure system access correctly) and lock device screens when not being used.

  1. Once official information no longer has a business need or value, it may not need to be kept by the agency. Any sensitive or security classified information that is no longer required by an agency must be disposed of in a secure manner. Failure to adequately dispose of sensitive of security classified information can result in serious compromise, with serious consequences, including loss of confidence in the South Australian Government.
  2. Under the State Records Act 1997, dispose of means:
    1. destroy or abandon the record
    2. carry out an act the result of which means it is no longer possible to reproduce the whole or part of that information
    3. transfer or deliver ownership or possession of or sell the information
  3. Disposal includes the physical destruction of paper records; destruction of electronic records including deleting emails, documents or other data from business systems and the transfer of records to a non-South Australian Government entity.
  4. Under Section 23 of the State Records Act 1997, information disposal can only take place:
    1. Through a determination made by the Director [Manager] State Records, and
    2. With the approval of the State Records Council.
  5. In South Australia, a determination for the purposes of Section 23 of the State Records Act is in the form of a disposal schedule. For guidance, see State Records of South Australia.

  1. Physical information may be destroyed in a number of ways. Commonly used destruction methods include:
    1. pulping
    2. burning
    3. pulverising using hammermills
    4. disintegrating or cutting and reducing the waste particle size
    5. shredding using crosscut shredders (strip shredders are not approved for destruction of security classified information
  2. Methods for destruction of digital information include:
    1. digital file shredding
    2. degaussing by demagnetising magnetic media to erase recorded data
    3. physical destruction of storage media through pulverisation, incineration or shredding (the SACSF provides guidance on sanitisation and destruction of ICT equipment and storage media)
    4. reformatting, if it can be guaranteed that the process cannot be reversed.

  1. Commercial providers may be used to destroy classified information. Agencies must review the appropriateness of a commercial provider’s collection process, transport, facility, procedures and approved equipment when considering engaging their destruction services. ASIO-T4 provides advice on engaging destruction services though Protective security circular 167 – Destruction of sensitive and security-classified information – (PSC 167), available through GovTeams.
  2. Criteria for commercial destruction includes:
    1. Ensuring classified information is attended at all times and the vehicle and storage areas are appropriately secured
    2. Ensuring that destruction is performed immediately after the material has arrived at the premises
    3. Ensuring that destruction is witnessed by an entity representative
    4. Ensuring destruction service staff have a security clearance to the highest level of security classified information being transported and destroyed, or appropriately security cleared entity staff escort and witness the destruction.
  3. There are a number of commercial destruction services that hold National Association for Information Destruction AAA certification (with endorsement in PSC 167 External destruction of security classified information ). These commercial providers are able to destroy security classified information.
  4. It is recommended information classified TOP SECRET, or accountable material, be destroyed within entity premises. The originator should request notification of destruction. The originator of accountable material may apply special handling conditions that prevent information destruction being contracted out.
  5. Annex Table 5 summarises the minimum handling protections for disposal of physical sensitive and security classified information, ICT media and equipment.

  1. Suspected or actual compromise of security classified information is considered a security incident, and SAPSF policy Security governance requires that agencies notify affected agencies of security incidents.
  2. Agencies must notify the owner or originator of security classified information as soon as practicable following suspected or actual compromise. It is also recommended that loss or compromise of SECRET or TOP SECRET information is reported to the Department of the Premier and Cabinet and to the Australian Security Intelligence Organisation.

Change log

VersionDateChanges
1.025/11/2019First issue of policy
1.120/04/2020

Policy title changed to ‘Protecting official information’

Classification protective marking examples changed to red colour

Removal of word ‘your’ throughout entire document

1.2

21/08/2020

Definition of ‘personnel’ updated

Definition of ‘employee’ and ‘visitor’ added.

Supporting requirement IV moved from SAPSF policy INFOSEC2: Accessing official information

Guidance for NATIONAL CABINET caveat added to Table 1 – Types of caveats

Guidance for marking UNOFFICIAL and OFFICIAL information clarified (paras 23 & 24)

Paragraph grading indicators section added (paras. 28 & 29)

RGB colour codes added to Colour-based protective marking. Guidance for colour marking OFFICIAL: Sensitive added (para 31). Colour markings in document tables updated.

Guidance for Protective marking in metadata and email amended (paras 33-38)

Section Using official information added (paras 42-52)

Guidance for Storage of security classified information amended (para 69)

Section Clear desk, end session and screen locking procedures added (para 71)

Section Security incidents involving security classified information (paras 84-85)

1.309/11/2020Requirements for home-based work in Annex Table 3 amended
2.026/10/2022

Supporting requirement IV updated to include the Minimum Record keeping Metadata Requirements Standard

Guidance for Working Away from the Office updated (para 46-50)

2.119/09/2023Added requirement to complete Post-Overseas Travel Security Report