Download: INFOSEC1 Guidance (PDF, 1.4 MB)

Date of first approval: 20 April 2020

Date of review: 26 October 2022

Next review date: December 2024

Purpose

This policy ensures all South Australian Government agencies protect their information assets from compromise. It outlines the South Australian Information Classification System (ICS) and associated guidance, which all agencies must use to protect the confidentiality, integrity and availability of all official information. The requirements of this policy are designed to mitigate against both intentional and accidental threats and reduce the impact on government business.

Core Requirement

Protect official information against compromise [1]

[1] Information compromise includes, but is not limited to loss, misuse, interference, unauthorised access, unauthorised modification, and unauthorised disclosure

Supporting Requirements

To protect official information against compromise, agencies [2]must:

  1. determine the appropriate classification and any protections that apply to official information
  2. set the classification at the lowest reasonable level to protect against compromise to the confidentiality, integrity or availability of all official information
  3. ensure all sensitive and security classified information (including emails) are marked with the correct protective markings
  4. apply the Minimum Recordkeeping Metadata Requirements Standard to ensure metadata reflects any protective markings
  5. ensure all information is handled according to the classification and protective markings assigned to that information
  6. seek permission from the information originator to make changes to the classification or protective markings
  7. ensure processes for transferring or transmitting sensitive and security classified information deter and detect compromise
  8. ensure sensitive and security classified information is stored securely in an appropriate security container for the approved security zone
  9. ensure sensitive and security classified information is disposed of securely
  10. be responsible for caveated and accountable material.

[2] This policy applies to all South Australian public sector agencies (as defined in section 3(1) of the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”.