The South Australian Information Classification System (ICS) commenced on 1 December 2019.
The ICS is used to assist South Australian public sector agencies1 to assess the confidentiality, integrity and availability of their information assets and ensure the appropriate protections, including protective markings and handling requirements, are assigned. The ICS replaces the classifications previously outlined in the Information Security Management Framework (ISMF).
All agencies must be fully transitioned to the ICS by 1 December 2020.
The SAPSF information security policies will assist agencies to transition to the ICS while maintaining the required protections of each level of classification.
The ICS is based upon the Commonwealth Government’s sensitive and classified information requirements under the Protective Security Policy Framework (PSPF) with some modifications to suit the South Australian context.
This table maps the new classifications and sensitivity markings of the ICS against the former classifications and markings, as previously outlined in the Information Security Management Framework (ISMF).
Information Management Markers
Information Management Markers (IMM) are optional protective markings which may be used where a legislative or professional restriction may apply to disclosure of information contained. IMMs must only be used in addition to a classification of OFFICIAL: Sensitive or higher.
- Legislative secrecy
- Personal privacy
- Legal privilege
- Medical in confidence.
See SAPSF Protecting official information for information about applying protective markings.
The following resources may help to support your agency to implement the ICS and associated information security policies.
- The ICS applies to all South Australian public sector agencies (as defined in the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”. It replaced the classification requirements previously outlined in the Information Security Management Framework (ISMF).
- Caveat must only appear with classification of OFFICIAL: Sensitive or higher
- UNCLASSIFIED was previously used to describe information without a security classification. Under the ICS, 'unclassified' has been replaced by ‘non-security classification’.
- In South Australia, some information previous classified as FOR OFFICIAL USE ONLY may now be classified either OFFICIAL: Sensitive or OFFICIAL. Agencies must consider the potential business impact when making this determination.