The South Australian Information Classification System (ICS) was approved by Cabinet to commence on 1 December 2019.

The ICS is used to assist South Australian public sector agencies1 to assess the confidentiality, integrity and availability of their information assets and ensure the appropriate protections, including protective markings and handling requirements, are assigned. The ICS replaces the classifications previously outlined in the Information Security Management Framework (ISMF).

All agencies must be fully transitioned to the ICS by 1 December 2020.

The SAPSF information security policies will assist your agency to transition to the ICS while maintaining the required protections of each level of classification.

The ICS is based upon the Commonwealth Government’s sensitive and classified information requirements under the Protective Security Policy Framework (PSPF) with some modifications to suit the South Australian context.

Mapping classifications

This table maps the new classifications and sensitivity markings of the ICS against the former classifications and markings, as previously outlined in the Information Security Management Framework (ISMF).

Then
(pre-1 December 2019)
To Now
(post-1 December 2019
 
TOP SECRET no change TOP SECRET Security classifications
SECRET no change SECRET
CONFIDENTIAL discontinued -
PROTECTED no change PROTECTED
Sensitive: SA Cabinet DLM to Caveat SA CABINET2 Non-security classifications3
Sensitive DLMs to DLM OFFICIAL: Sensitive
Sensitive: Personal
Sensitive: Legal
Sensitive: Medical
Sensitive: Commercial
For Official Use Only4
OFFICIAL
PUBLIC to
- new classification UNOFFICIAL

Information Management Markers

Information Management Markers (IMM) are optional protective markings which may be used where a legislative or professional restriction may apply to disclosure of information contained. IMMs must only be used in addition to a classification of OFFICIAL: Sensitive or higher. They are:

  • Legislative secrecy
  • Personal privacy
  • Legal privilege
  • Medical in confidence.

Resources

The following resources may help to support your agency to implement the ICS and associated information security policies.

South Australian Information Classification System overview (PDF, 118.0 KB)

Classification Assessment Tool  (PDF, 163.4 KB)

Business Impact Level Tool  (PDF, 202.9 KB)

Historical classifications and sensitivity markings in South Australia (PDF, 156.1 KB)

Alignment of classifications to BIL, protective marking and access requirements (PDF, 142.5 KB)

Notes

  1. The ICS applies to all South Australian public sector agencies (as defined in the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”. It replaced the classification requirements previously outlined in the Information Security Management Framework (ISMF).
  2. Caveat must only appear with classification of OFFICIAL: Sensitive or higher
  3. UNCLASSIFIED was previously used to describe information without a security classification. Under the ICS, unclassified has been replaced by ‘non-security classification’.
  4. In South Australia, some information previous classified as FOR OFFICIAL USE ONLY may now be classified either OFFICIAL: Sensitive or OFFICIAL. Agencies must consider the potential business impact when making this determination.