INFORMATION SECURITY FOR GOVERNMENT IN AUSTRALIA

Cost effective solutions for agencies and their contractors 

From public to the most sensitive government information

Whether at state or national level, government bodies have always understood the need to maintain high standards and controls around information flow. As documents and communication become increasingly electronic, these agencies continue to recognise the intrinsic value in effective marking to classify the sensitivity of data and information being handled.

Once information is classified and marked, access control to sensitive information can be efficiently and effectively managed, minimising the potential impact of government data breach.

It follows that any contractors to these agencies must comply with the same set of rules and regulations applied by the agency they are contracted to.

As well as being reliable, information security and compliance solutions available to government agencies and their contractors must also be cost-effective.

Identifying and classifying sensitive information allows you to focus control measures on the information that needs protecting – making it easier and more affordable to enforce information security policy.

Reducing Risk, Minimising Costs

By providing a quick and easy mechanism for distinguishing between public information and sensitive material, information classification can reduce overall costs by allowing security efforts to target only the most sensitive material. Sensitive information can be manually classifed by the author or automatically classified using e-discovery tools.

Janusnet has a long history in the electronic marking of government information. Janusseal classification solutions support a whole range of government classifications and classification schemas that comply with the numerous government compliance standards now in operation worldwide. What's more, our solutions provide seamless integration with existing IT security systems for fast deployment and implementation.

Information classification can be a valuable tool across all areas of government data handling, including:

  • IP protection
  • National security requirements
  • Government information security compliance

The Australian Commonwealth Government abides by the Protective Security Policy Framework (PSPF), which incorporates a Protective Marking Scheme according to Business Impact Levels (BILs). BILs describe the potential harm or damage to government operations, organisations or individuals if there were a compromise to the confidentiality, integrity or availability of public sector information

There are three main components of a protective marking: security classification, information management markers and caveats.  Specific definitions of each protective marking with their BILs are set out in the table below. (This table does not list Information Management Markers (IMMs) or Caveats, which may be used in conjunction with security classifications and are explained further under the table).

Protective Marking

Business Impact Level

Compromise of information confidentiality would be expected to cause:

UNOFFICIAL

0
No business impact

No damage. 
This information does not form part of official duty.

OFFICIAL

1
Low business impact

No or insignificant damage.
This is the majority of routine information.

OFFICIAL: Sensitive

2
Low to medium business impact

Limited damage to an individual, organization or government generally if compromised.

PROTECTED

3
High business impact

Damage to the national interest, organisations or individuals.

SECRET  

4
Extreme business impact

Serious damage to the national interest, organisations or individuals.

TOP SECRET

5
Catastrophic

Exceptionally grave damage to the national interest, organisations or individuals.

Information Management Markers can be added to the protective marking for anything OFFICIAL: Sensitive and above. They are used to reflect ‘rights properties’ for particular content and can inform access restrictions. They are not mandatory. The three commonly recognised IMMs iare:

  • Legislative Secrecy
  • Personal Privacy, and
  • Legal Privilege

Caveats are a warning that the information has special protections in addition to those indicated by the security classification (or in the case of the NATIONAL CABINET caveat, a security classification of OFFICIAL: Sensitive marking). 

The Australian Government Security Caveats Guidelines establishes four categories of caveats:

  • codewords (sensitive compartment information)
  • foreign government markings
  • special handling instructions
  • releasililbity caveats

Click here for further information about PSPF Section 8 Sensitive and Classified Information handling guidelines.

Specific compliance requirements for Australian State governments can be found in this Government section.

USING CLASSIFICATION TO SUPPORT COMPLIANCE

When you need to ensure contractors are complying with information security regulations, information classification provides an effective, straightforward and affordable solution.

By allowing all people engaged in information handling to categorise sensitive information in emails, documents, and other files, easy-to-use products such as Janusseal for Outlook and Janusseal Documents help to improve information security, while making it simple to enable contractor compliance and to minimise supply chain risk.

If government contractors use the same classification schema as the contracting agency, they can ensure material is controlled and marked to the same degree of diligence that the government would apply to its own processes.

To find out the government information handling requirements for suppliers, visit our page about 'Government changes to information management in its supply chain'. It includes specific reference to what's required to work as a Defence Contractor.

If you would like to learn more about the identification, classification and management of government information, please contact us and one of our highly experienced team will quickly respond.