Information Security Classification Framework


The government Core Policy and Procedures Manual (Chapter 12 IM/IT Management) requires that information assets be protected. The Office of the Chief Information Officer - Information Security Policy (ISP) requires that business/information owners ensure that the systems and the information in those systems are protected commensurate with their value and sensitivity.

An information security classification system is one of the critical components of good information security. It assists in determining the value and sensitivity of information as well as the protective measures to be applied. In the absence of a classification system, there is a risk that:

  • All information may be regarded as highly classified and the cost of the measures to protect the information would far exceed the value and sensitivity of the information; or
  • Highly sensitive information is not sufficiently protected.

In 2006, the Information Security Classification Standard was approved. To facilitate the implementation of the standard, an implementation framework and supporting guidelines were developed. The Information Security Classification Framework provides an information security classification schema, which serves as criteria to classify information. The framework and guidelines are available as follows:

Information Security Classification Framework

Information Security Classification Guidelines

How to Apply the Information Security Classification Framework

An Information Security Classification online training module has been developed to assist with the use and application of the Information Security Classification Framework (government login required). The training incorporates practical exercises and includes references to other related resources, policies and standards.