Contact informationsecurity@finance.nsw.gov.au Strategic Policy Branch Department of Finance and Services Level 15, McKell Building 2-24 Rawson Place SYDNEY NSW 2000

NSW Government Information

Classification and Labelling Guidelines

v1.1

October 2013

ii

Table of contents

1 Document control 5

1.1 Document approval 5

1.2 Document version control 5

1.3 Review date 5

2 Introduction 6

2.1 Purpose 6

2.2 Scope 6

2.3 Background 7

2.4 Superseded NSW guidance 8

2.5 Information Management Framework 8

2.6 Related guidance 8

3 NSW system for classification and labelling 9

3.1 UNCLASSIFIED material 9

3.2 Protective markings 9

3.3 Who applies protective markings? 11

3.4 What is protectively marked? 11

3.5 When are protective markings applied? 11

3.6 How are protective markings applied? 12

3.7 Agency classification and labelling policy and procedures 13

3.8 Receiving Commonwealth information 14

4 Applying dissemination limiting markers (DLMs) 15

4.1 When to use DLMs 15

4.2 Creation of new DLMs 15

4.3 Control and handling of DLM information 16

iii

4.4 FOUO – Sensitive – Sensitive: Personal – Sensitive: Legal 16

4.4.1 Preparation and handling 16

4.4.2 Removal and auditing 17

4.4.3 Copying, storage and disposal 17

4.4.4 Manual transmission 18

4.4.5 Electronic transmission 18

4.5 Sensitive: NSW Government 19

4.5.1 Removal and auditing 19

4.5.2 Copying, storage and disposal 20

4.5.3 Manual transmission 20

4.5.4 Electronic transmission 21

4.6 Sensitive: NSW Cabinet 21

4.6.1 Copying, storage and disposal 22

4.7 Sensitive: Cabinet 22

5 Applying security classifications 23

5.1 Control and handling of classified information 23

5.2 PROTECTED 23

5.3 CONFIDENTIAL 23

5.4 SECRET 24

5.5 TOP SECRET 24

6 Applying caveats 26

6.1 When to use caveats 26

6.2 Removing caveats 26

6.3 Codewords 26

6.4 Source codewords 27

6.5 Eyes Only 27

6.6 Australian Government Access Only (AGAO) 27

iv

6.7 Releasable to 27

6.8 Special handling caveats 28

6.9 Accountable Material 28

APPENDIX A – Suggested mapping 29

APPENDIX B – Transition guidance 30

B1. A consistent approach 30

B2. Key points for transition 30

B3. Frequently asked questions 31

APPENDIX C – Protective markings in use in NSW 33

APPENDIX D – Business Impact Levels 34

APPENDIX E – Classification and labelling content examples 35

APPENDIX F – Aligning control and handling requirements 36

APPENDIX G – Resources 37

APPENDIX H – Glossary 39

5

1 Document control

1.1 Document approval

Name & Position Signature Date

1.2 Document version control

Version Status Date Prepared by Comments

0.1 Consultation Draft 28 May 2013 DFS Initial draft.

0.2 Consultation Draft 5 July 2013 DFS Updated to reflect preferred options.

0.3 Draft 24 July 2013 DFS Updated after input from the Information Security Steering Group and the Classification & Labelling Working Group.

0.4 Draft 30 August 2013 DFS Further updated version taking in comments from DPC et al.

1.0 Final September 2013

DFS Final additional comments taken in.

1.1 Final October 2013 DFS Updated to reflect changes to the PSPF Business Impact Levels (BILs), and consequential minor amendments, affecting 3.6, 5.2, 5.3, 5.4, 5.5, 6.7 and Appendix D.

1.3 Review date

These Guidelines will be reviewed in July 2015.

They may be reviewed earlier in response to post-implementation feedback or as necessary.

6

2 Introduction

2.1 Purpose

The NSW Government Digital Information Security Policy outlines the NSW Government’s

commitment to transitioning to a system for classifying and labelling sensitive information in a

manner that is consistent with the Commonwealth security classification system (“the

Commonwealth system”).

This document provides guidance to help NSW government agencies:

maximise consistency with the Commonwealth system, and

minimise the resources required for transition to the new system.

Sensitive information labelled or classified on or after 1 January 2014 must comply with the

system outlined in these Guidelines, including the protective markings listed.

These Guidelines outline an approach that is consistent with the Information security management

guidelines – Australian Government security classification system, which supports the

Commonwealth Protective Security Policy Framework (PSPF).

2.2 Scope

These Guidelines support the implementation of the NSW Government Digital Information Security

Policy. In accordance with the scope and objectives of the policy, this guidance applies to the

classification, labelling and handling of sensitive information in any format, including records in

physical and digital format.

These Guidelines and their requirements are mandatory for all NSW government agencies with

regard to classifying and labelling sensitive information.

However, individual agencies are responsible for applying protective markings and may develop

their own internal agency policies, plans and procedures for classifying and labelling sensitive

information, as required, and in line with these Guidelines.

Agencies must refer to the relevant requirements in the PSPF for classifying and handling security

classified information, i.e. PROTECTED, CONFIDENTIAL, SECRET, and TOP SECRET – particularly in

relation to information affecting national security.

These Guidelines do not affect or alter existing legal and regulatory requirements under

Commonwealth or NSW State legislation, including under: the Government Information (Public

Access) Act 2009 (NSW) (GIPAA), the Privacy and Personal Information Act 1998 (NSW) (PPIPA), the

7

Health Records and Information Privacy Act 2002 (NSW) (HRIPA) and the State Records Act 1998

(NSW). Existing privacy principles applicable under State and/or Commonwealth legislation

continue to apply to the handling of information.

Where an agency engages a contractor or third party provider, the agency is responsible for

ensuring the contractor or third party provider complies with these Guidelines.

These Guidelines are based on, and directly reproduce in part, the text of the Commonwealth

system and PSPF. For readability, where text from the Commonwealth system is reproduced

neither specific attribution, nor quotation marks, are provided.

Terms not explained in the text of the Guidelines are defined in the Glossary at Appendix H.

2.3 Background

The NSW Government approach to classifying and labelling sensitive information has been

reviewed to align with the Commonwealth system.

Sharing information between State and Commonwealth agencies can support the delivery of

emergency services, enable more effective law enforcement and contribute to national security

operations.

Implementing consistent methods of classification and labelling allows sensitive information to be

securely shared across jurisdictions, with confidence that the information will be handled and

protected according to its sensitivity.

These Guidelines have been developed to:

provide a consistent and structured approach to the classification and labelling of sensitive

information to be used by all NSW agencies

allow for integration between the existing sensitive information labels in NSW and the

information security classification markings used by the Commonwealth

provide guidance for NSW agencies in transitioning to the system outlined in these

Guidelines

assist agencies in identifying security classified or sensitive information, and in applying

appropriate protective markings to this information

clarify where classification and labelling systems overlap, and

encourage better practices in protective security procedures by all NSW agencies.

8

2.4 Superseded NSW guidance

These Guidelines supersede C2002-69 NSW Guide to Labelling Sensitive Information 2011 Version

1.2 (30/6/2011).

Information labelled or classified before 1 January 2014 should not be re-labelled or re-classified

unless specifically required due to a business or operational need. Most documents labelled under

the previous system can retain their existing labels, providing staff are aware of the appropriate

handling requirements.

Appendix A provides a table showing how to map the most common existing labels to the new

system for classifying and labelling sensitive information. Additional guidance for transitioning

from the previous system to the system outlined in these Guidelines is at Appendix B.

2.5 Information Management Framework

These Guidelines form part of the Information Management Framework. A key initiative of the

NSW Government ICT Strategy is the development of an Information Management Framework to

support the way government administers and uses data and information.

The Framework is a set of standards, policies, guidelines and procedures that enable data and

information to be managed in a secure, structured and consistent manner.

It ensures that data and information can be appropriately shared or re-used by agencies, individual

public sector staff, the community or industry for better services, improved performance

management and a more productive public sector.

2.6 Related guidance

These Guidelines should be read with other guidance on classification, labelling and handling,

namely:

the NSW Digital Information Security Policy

the Information security management guidelines – Australian Government security

classification system (from the PSPF) – setting out the Commonwealth system

the Physical security management guidelines (from the PSPF)

agencies’ existing policies and procedures for labelling, classifying and handling sensitive

information, and

legal and regulatory requirements in relation to information classification, labelling and

handling.

Details of other policies and legislation affecting these Guidelines can be found at Appendix G.

9

3 NSW system for classification and labelling

3.1 UNCLASSIFIED material

Most information handled by NSW government agencies is of low sensitivity and requires only

limited protection. Where the information does not require a security classification it may be

marked UNCLASSIFIED if required by agency policy.

UNCLASSIFIED is not a protective marking or a security classification. UNCLASSIFIED may be used in

conjunction with a DLM.

UNCLASSIFIED is used by convention to describe official information that is not expected to cause

harm and does not require a security classification.

Newly created or unlabelled material is by default UNCLASSIFIED and should be stored and

handled according to NSW State Records standards and guidance and other NSW legislative and

regulatory requirements as appropriate.

Material created on or after 1 January 2014 is regarded as unlabelled and UNCLASSIFIED where no

protective marking is used.

3.2 Protective markings

There are three categories of protective markings: dissemination limiting markers (DLMs), security

classifications and caveats, and details of each category are set out below.

Specific definitions of each protective marking are set out at Appendix C.

10

Category Description

Dissemination Limiting

Marker (DLM)

Information that does not meet the criteria for security classification but which

requires some lower level of protection can be labelled with a dissemination

limiting marker (DLM).

DLMs are markings for information where disclosure may be limited or prohibited

by legislation, or where it may otherwise require special handling.

The Commonwealth system includes five DLMs:

For Official Use Only (FOUO)

Sensitive

Sensitive: Personal

Sensitive: Legal, and

Sensitive: Cabinet

In NSW, two additional DLMs are used under these Guidelines:

Sensitive: NSW Government

Sensitive: NSW Cabinet

Security classification Used to protect the most sensitive government information.

The Australian Government system includes four classifications:

PROTECTED

CONFIDENTIAL

SECRET, and

TOP SECRET

Each level of classification reflects the consequences of unauthorised disclosure

and has strict handling and security clearance requirements.

Security classifications have been the subject of a memorandum of understanding

between the NSW and Commonwealth Governments.

NSW agencies that handle information requiring security classification must

manage this information in accordance with Commonwealth requirements. Only a

small number of agencies deal with information at this level.

Security classifications CONFIDENTIAL, SECRET and TOP SECRET are to be

regarded as national security classifications under these Guidelines.

11

Category Description

Caveat Certain information may bear a security caveat in addition to a security

classification or label. The caveat is a warning that the information has special

non-disclosure requirements in addition to those indicated by the protective

marking.

Caveats cannot be applied to unlabelled or UNCLASSIFIED information.

The Commonwealth system identifies seven categories of caveats:

codewords

source codewords

Eyes Only

Australian Government Access Only

Releasable to

special handling caveats, and

Accountable Material

3.3 Who applies protective markings?

The person responsible for preparing the information – or for actioning information produced

outside of the State or Commonwealth Government – is to decide its protective marking. This

person is called the originator.

Agencies are to advise all employees, including contractors, who use this system of classifications

and labels on its proper use.

3.4 What is protectively marked?

Protective markings can be applied to information in any format, medium or resource. This

includes paper files or documents, digital files or documents, information assets, datasets,

infrastructure, records management systems, magnetic or optical media, microforms, databases,

software applications, hardware and physical assets.

3.5 When are protective markings applied?

Apply protective markings, or UNCLASSIFIED, when the information is created or received – or as

soon as a high level of sensitivity becomes apparent.

An agency sending sensitive information to another government agency must label the

information in accordance with these Guidelines.

12

Information received from external sources should be evaluated upon receipt and protectively

marked in accordance with these Guidelines.

Protectively-marked information which is received from another government agency should be

handled in accordance with these Guidelines and the PSPF as appropriate.

3.6 How are protective markings applied?

An agency must first identify its information assets as part of broader information management

practice.

To apply these Guidelines, follow these steps.

STEP 1 – Determine whether the information requires protection

Determine…. Then consider….

If the information is already protected

using a pre-existing labelling or

classification system, and if so, at what

level?

The existing level of protection, and suggested mapping

from previous labels or classifications to current ones under

these Guidelines (see Appendix A).

What would be the impact if the

information were released?

Potential damage caused by the release of the information.

PSPF Business Impact Levels (BILs) can provide some

guidance in relation to security classified information

(reproduced from the PSPF at Appendix D)

Does the information contain anything

that is sensitive?

Whether the information requires a DLM or classification,

and at what level.

STEP 2 – Identify the appropriate level of protection

Consider the following when determining the level of protection:

principles of good information security practice

definitions of approved protective markings

impact levels of unauthorised disclosure or misuse of the information

proactive release of UNCLASSIFIED information

who created the information and who will need to access it, for example, consider the

security clearance levels of information creators, originators and recipients, and their

ability to access or protect information which is protectively marked

13

interoperability issues with different definitions/labels, and with the previous NSW

labelling system

removal and auditing

any limit on the duration of a classification; at what point it should be reviewed; and how

it can be downgraded

principles of good privacy management practice, Privacy by Design, and

issues that can result from over-classification, e.g. restrictions on copying, storage and

disposal, transmission and transfer of information (manual and electronic transmission –

e.g. information classified PROTECTED and above cannot be transmitted using standard

email systems, and cloud storage requires encryption).

STEP 3 – Avoid over-classification

NSW government agencies are expected to use a DLM or security classification only when there is

a clear and justifiable need to do so – when the consequences of information being compromised

warrant the expense of increased protection.

Over-classification can have a range of undesirable outcomes, including (from the PSPF):

unnecessary limitation of public access to information

unnecessary imposition of extra administrative arrangements and additional cost

excessively large volumes of protected information, which is harder for an agency to

protect, or

devaluing of protective markings, leading to these labels being ignored or avoided by

employees or receiving agencies.

Appendix E provides specific classification and labelling content examples.

3.7 Agency classification and labelling policy and procedures

Using these Guidelines, and other applicable information management standards and policy,

agencies may develop and apply their own internal policies and procedures for the maintenance of

appropriate levels of classification and labelling.

Under the NSW Digital Information Security Policy, agencies must have an internal information

security policy, which may include agency-specific procedures for labelling and handling sensitive

information. Agency policies must be consistent with the NSW Digital Information Security Policy,

these Guidelines, and relevant parts of the PSPF as required.

14

Use agency policies to identify:

who is responsible for information classification and labelling

who is responsible for the policies and procedures governing the alteration of protective

markings

what information requires classification and labelling, and

any unique procedures for handling that information and complying with legislation.

Agencies must determine specific events or dates for declassification on the basis of an

assessment of the duration of the information’s sensitivity, and regularly review the level of

protective marking applied to information. This must be done in accordance with an agency’s

internal policy and procedures.

In developing internal policies and procedures, agencies must ensure principles of good

information security practice are applied:

sensitive information should only be released to organisations and individuals with a

demonstrated need to know

information is to be stored and processed away from public access

the removal of information from agency premises is on the basis of identified need

disposal of information is by secure means, and

transmission and transfer of information is to be by means which deter unauthorised

access.

3.8 Receiving Commonwealth information

NSW agencies handling DLM information which:

was created by a Commonwealth agency, and/or

primarily relates to the operation of the Commonwealth or a Commonwealth agency,

are required to comply with the procedures set out in the PSPF regarding the application, removal,

transfer, receipt and destruction of that information.

For all security classified information, NSW agencies are required to control and handle the

information according to the relevant procedures set out in the PSPF – regardless of whether the

information originates in NSW or the Commonwealth.

It is the responsibility of the sender of information to ensure that security classified documents are

protected appropriately.

15

4 Applying dissemination limiting markers (DLMs)

4.1 When to use DLMs

DLMs are used where disclosure may be limited or prohibited by legislation, or where it may

otherwise require special handling. DLMs can be used:

on their own, or

in conjunction with a security classification.

The exception is FOUO – this may only be used with UNCLASSIFIED information.

In a situation where a document has multiple types of information, or information at more than

one sensitivity level of DLM or classification, the document must be labelled and/or classified as

per the information of the highest level of sensitivity within that document. This principle also

applies where a container has information of varying levels of sensitivity within it.

The presence or absence of a protective marking will not affect a document’s status under GIPAA,

PPIPA and HRIPA.

GIPAA mandates an open, accountable, transparent approach to proactive information disclosure

for NSW Government. GIPAA helps to ensure that access to government information is restricted

only when there is an overriding public interest against disclosure. The ‘public interest’ test is the

principle underpinning the procedures outlined in GIPAA.

4.2 Creation of new DLMs

In normal circumstances agencies must not create their own DLMs, security classifications or

caveats. Under these Guidelines new Sensitive DLMs may be created by agencies when the

following three conditions are met:

1. there is a specific agency need

2. there is no approved DLM which is appropriate for use, and

3. the new DLM is endorsed by the Information Security Steering Group.

The Information Security Steering Group is made up of members of the Information Security

Community of Practice, which is established under the NSW Digital Information Security Policy.

This Steering Group approves the creation of new DLMs, and oversights their management. Where

new DLMs are approved by the Steering Group, by default the requirements for control,

preparation and handling as set out in relation to Sensitive information apply to the new DLMs –

subject to any additions or modifications as approved by the Steering Group.

16

These Guidelines do not prevent agencies, on the basis of internal processes, policies and

procedures, using other agency-specific markers – for example in round brackets after a DLM. This

practice should only be used in conjunction with approved DLMs and/or security classifications.

4.3 Control and handling of DLM information

These Guidelines set out minimum control and handling requirements for DLMs, and additional

guidance is provided by the PSPF in Information security management guidelines – Protectively

marking and handling sensitive and security classified information.

Where there is potential ambiguity in interpreting the control or handling requirements in these

Guidelines, refer to principles outlined in the NSW Digital Information Security Policy, in particular

the need to take a risk-based approach.

Situations may arise where there are differences between the requirements for control and/or

handling in these Guidelines and what is set out in the PSPF (as updated from time to time).

Appendix F addresses specific scenarios where control and handling requirements under these

Guidelines intersect with the PSPF.

4.4 FOUO – Sensitive – Sensitive: Personal – Sensitive: Legal

4.4.1 Preparation and handling

Marking

centre of top and bottom of each page

markings should be in bold text and a minimum of 5mm high (preferably red stamp)

the label on a file cover or container must be at least equal to the label on the most

sensitive item in the file or container

paragraph markings, where adopted, should appear in a consistent position such as at the

end of each paragraph (refer to the PSPF for guidance on applying paragraph markings),

and

electronic and other documents should include their sensitivity label in their metadata as

appropriate.

Numbering

page and/or paragraph numbering is desirable.

Filing and media labels

front and back file covers and media labels to be marked Sensitive in large letters and

an agency may reserve specific colours for file covers and media labels covering Sensitive

items.

17

Disclosure/access

need to know, and

only in accordance with legislative and administrative requirements.

4.4.2 Removal and auditing

Removal of documents or files

basis of real need, e.g. a meeting

removal must be authorised by a supervisor (or equivalent) who should be satisfied that

the removing officer is aware of the potential risks involved and that he or she is

responsible for its safe custody at all times, and

ensure adequate custodial arrangements, including overnight storage.

Audits

determined on the basis of agency requirements.

4.4.3 Copying, storage and disposal

Copying

may be prohibited by originator, and

to be kept to a minimum in keeping with operational requirements.

Physical safe-keeping — minimum standards

‘clear desk’ policy

hard copy and any form of unencrypted removable electronic media must be held in a

commercial-grade locked container or a secure area, and

servers and associated devices processing or storing Sensitive data must be sited in

appropriately secure facilities – the Commonwealth Information Security Manual (ISM)

provides a guide.

Electronic storage

Agencies should conduct a risk assessment to determine whether sensitive information should be

encrypted when stored in any laptop or on a removable PC hard drive or storage device. If

encryption is used, it must be performed using a method approved by the agency security plan.

Disposal

Transfer in accordance with the State Records Act 1998 (NSW); or if not required, then records

destruction should be authorised under current retention and disposal authorities and be carried

out after minimum retention periods have been met:

paper items only: destroy by appropriate method or contract approved in the agency

security plan; or

18

for all other media: consult the information security officer and ensure appropriate

deletion, destruction or sanitisation processes are used.

Records should be destroyed in ways that ensure that they cannot be recovered or reconstituted.

Destruction should be documented and contractors used for destruction should provide

certificates of destruction.

Records required as State archives in current retention and disposal authorities should be

transferred to State Records NSW as appropriate.

Note: State records in any form may only be disposed of in accordance with Part 3 of the State

Records Act 1998 (NSW), PPIPA and HRIPA.

4.4.4 Manual transmission

Within a single physical location

A single sealed opaque envelope that indicates the DLM, delivered by the agency’s internal mail

system.

May be passed, uncovered, by hand within a secure area provided it is transferred directly

between people with the need to know and there is no opportunity for any unauthorised person

to view the information.

Transfer between establishments

Single sealed opaque envelope that does not indicate the sensitivity of the information; receipt at

discretion of the originator AND one of the following:

passed by hand between people who have the need to know

delivered securely by an overnight courier that is endorsed in line with the agency security

plan, or

delivered by Australia Post, State Mail Service or a DX service.

4.4.5 Electronic transmission

Telephone, VoIP, facsimile and video conference equipment

Information may be passed unencrypted over an agency’s private communications system

provided it is contained within a single site and uses only wire line or fibre optic bearers (that is,

with no microwave, cellular telephone, wireless LAN or similar radio frequency links).

If transmission is regular or frequent, agencies should conduct a risk assessment to determine

whether encryption is appropriate for communications between sites or within sites using other

than wire line or fibre optic transmission.

19

Data transmissions and email

infrequent transmissions may be made without special controls, and

agencies should consider encryption based on a risk assessment; suitable email encryption

products may be found, for example, on the Australian Signals Directorate’s (ASD’s)

Evaluated Products List (EPL).

Computer networks

should only be connected to public networks (including the internet) using appropriate

network connection control and / or routing control, on the basis of a risk assessment.

4.5 Sensitive: NSW Government

The Sensitive: NSW Government protective marking is used when the compromise of the

information could cause damage to the NSW Government, commercial entities or members of the

public. For instance, where compromise could:

endanger individuals and/or private entities

work substantially against state or national finances or economic and commercial interests

substantially undermine the financial viability of major organisations

impede the investigation or facilitate the commission of serious crime, or

seriously impede the development or operation of major government policies.

Information that was previously labelled as PROTECTED under the NSW labelling system may

translate to the DLM Sensitive: NSW Government.

Sensitive: NSW Government may also be abbreviated to Sensitive: NSW Govt.

Note: All control and handling requirements for Sensitive information apply to Sensitive: NSW

Government information – with the following additions and modifications.

4.5.1 Removal and auditing

Removal of documents or files

must be in personal custody of individual and when not in use kept in a locked container,

and

removal must be authorised by a manager (or equivalent) responsible for the business unit

that is custodian of the information.

Audits

it is good security practice to establish a program of spot checks of information at this

level.

20

4.5.2 Copying, storage and disposal

Disposal

Transfer in accordance with the State Records Act 1998 (NSW); or if not required, then records

destruction should be authorised under current retention and disposal authorities and be carried

out after minimum retention periods have been met:

paper items only: destroy by shredding

electronic media and equipment: must undergo sanitisation (the Commonwealth ISM

provides a guide), and

if ‘Accountable Material’: under supervision of two officers who must supervise the

removal of the material to the point of destruction, ensure that destruction is complete

and sign a certificate of destruction.

Records should be destroyed in ways that ensure that they cannot be recovered or reconstituted.

Destruction should be documented and contractors used for destruction should provide

certificates of destruction.

Records required as State archives in current retention and disposal authorities should be

transferred to State Records NSW as appropriate.

Note: State records in any form may only be disposed of in accordance with Part 3 of the State

Records Act 1998 (NSW), PPIPA and HRIPA.

4.5.3 Manual transmission

Within a single physical location

Single sealed opaque envelope that indicates the DLM; receipt at the discretion of the originator

AND:

passed by hand between people who have the need to know, or

placed in a locked container and delivered direct, by hand, by an authorised messenger.

May be passed, uncovered, by hand within a discrete office environment provided it is transferred

directly between members of staff with the need to know and there is no opportunity for any

unauthorised person to view the information.

Transfer between establishments

single sealed opaque envelope that does not give any indication of the classification AND

placed in a locked container and delivered direct, by hand, by an authorised messenger

AND receipt required, or

21

double, sealed envelope AND receipt required AND delivered securely by an overnight

courier that is endorsed in line with the agency security plan using the safe hand level of

service.

Where personal or health information is being transferred, it is also necessary to comply with the

requirements of PPIPA and HRIPA respectively.

4.5.4 Electronic transmission

Telephone, fax and video conference equipment

Information may be passed in clear over an agency’s private communications system contained

within a single site, using wire line or fibre optic bearers having a low probability of interception or

where Sensitive: NSW Government traffic is unpredictable and infrequent.

Between or within sites using other than wire line or fibre optic bearers, unless there is a low

probability of interception and Sensitive: NSW Government traffic is unpredictable and

infrequent, information must be encrypted, for example, by using products from ASD’s EPL.

Data transmissions and email

Unpredictable and infrequent Sensitive: NSW Government transmissions may be made without

special controls. Otherwise agencies should consider the use of appropriate encryption products,

for example, products from ASD’s EPL.

4.6 Sensitive: NSW Cabinet

This DLM that may be applied to sensitive NSW Cabinet documents, including:

any document including but not limited to business lists, minutes, submissions,

memoranda and matters without submission that are or have been submitted or proposed

to be submitted to the NSW Cabinet

official records of the NSW Cabinet, or

any other information that would reveal:

- the deliberations or decisions of the NSW Cabinet, or

- matters submitted, or proposed to be submitted to the NSW Cabinet.

Premier’s memorandum M2006-08 Maintaining Confidentiality of Cabinet Documents and Other

Cabinet Conventions describes the practice and convention of the confidentiality of NSW Cabinet

documents.

Sensitive: NSW Cabinet may be applied to NSW Cabinet documents and draft NSW Cabinet

documents, and they must be stored securely, and access should only be on a need to know basis.

22

Cabinet Conventions: NSW Practice details the importance of maintaining Cabinet confidentiality,

and the protections outlined therein continue to apply. Any Cabinet documents relating to

national security are to be classified accordingly. The Ministerial Handbook outlines handling

procedures for documents provided to NSW Cabinet.

To the extent of any inconsistency between these Guidelines, and guidance, policy or processes

issued by the NSW Department of Premier and Cabinet regarding the control or handling of

Sensitive: NSW Cabinet information, the latter prevail.

Note: In addition to the above, all control and handling requirements for Sensitive: NSW

Government information apply to Sensitive: NSW Cabinet, with the following additions and

modifications.

4.6.1 Copying, storage and disposal

Copying

copying Sensitive: NSW Cabinet documents is always prohibited.

4.7 Sensitive: Cabinet

This DLM is for Commonwealth Cabinet information – refer to the PSPF for requirements

regarding the application of this DLM, and in relation to control and handing.

Any use of this DLM is to be accompanied by a security classification of at least PROTECTED.

23

5 Applying security classifications

5.1 Control and handling of classified information

Refer to the PSPF for relevant requirements relating to the control and handling of security

classified information.

5.2 PROTECTED

The PROTECTED security classification is used when the compromise of the information could

cause damage to the Australian Government, commercial entities or members of the public. For

instance, where compromise could:

endanger individuals and private entities – the compromise of information could lead to

serious harm or potentially life threatening injury to an individual

work substantially against state or national finances or economic and commercial interests

substantially undermine the financial viability of major organisations

impede the investigation or facilitate the commission of serious crime, or

seriously impede the development or operation of major government policies.

For relevant control and handling requirements for PROTECTED information agencies are directed

to the PSPF and Information security management guidelines – Protectively marking and handling

sensitive and security classified information.

Personnel who access information that is classified at a level of PROTECTED or above should be

security-vetted.

Note: Information that was labelled as PROTECTED under the previous NSW system may not

translate to the Commonwealth definition of PROTECTED. The DLM Sensitive: NSW Government

may be more appropriate for NSW agencies to deal with sensitive information they hold.

5.3 CONFIDENTIAL

The CONFIDENTIAL security classification should be used when compromise of information could

cause damage to national security. For instance, where compromise could:

endanger small groups of individuals – the compromise of information could lead to

serious harm or potentially life threatening injuries to a small group of individuals

damage diplomatic relations – in other words, cause formal protest or other sanction

24

damage the operational effectiveness or security of Australian or allied forces

damage the effectiveness of valuable security or intelligence operations

disrupt significant national infrastructure, or

damage the internal stability of Australia or other countries.

For relevant control and handling requirements for CONFIDENTIAL information agencies are

directed to the PSPF and Information security management guidelines – Protectively marking and

handling sensitive and security classified information.

5.4 SECRET

The SECRET security classification should be used when compromise of information could cause

serious damage to national security, the Australian Government, nationally important economic

and commercial interests, or threaten life. For instance, where compromise could:

raise international tension

seriously damage relations with other governments

seriously damage the operational effectiveness or security of Australian or allied forces

seriously damage the continuing effectiveness of highly valuable security or intelligence

operations

threaten life directly – the compromise of information could reasonably be expected to

lead to loss of life of an individual or small group

seriously prejudice public order

substantially damage national finances or economic and commercial interests

shut down or substantially disrupt significant national infrastructure, or

seriously damage the internal stability of Australia or other countries.

For relevant control and handling requirements for SECRET information agencies are directed to

the PSPF and Information security management guidelines – Protectively marking and handling

sensitive and security classified information.

5.5 TOP SECRET

The TOP SECRET security classification requires the highest degree of protection as compromise of

information could cause exceptionally grave damage to national security. For instance, where

compromise could:

threaten directly the internal stability of Australia or other countries

25

lead directly to widespread loss of life – the compromise of information could reasonably

be expected to lead to the death of a large number of people

cause exceptionally grave damage to the effectiveness or security of Australian or allied

forces

cause exceptionally grave damage to the effectiveness of extremely valuable security or

intelligence operations

cause exceptionally grave damage to relations with other governments, or

cause severe long-term damage to the Australian economy.

Very little information warrants this marking and it should be used with the utmost restraint.

For relevant control and handling requirements for TOP SECRET information agencies are directed

to the PSPF and Information security management guidelines – Protectively marking and handling

sensitive and security classified information.

26

6 Applying caveats

6.1 When to use caveats

Certain security classified information, most notably some national security classified information,

may bear a security caveat in addition to a security classification. The caveat is a warning that the

information has special requirements in addition to those indicated by the protective marking.

Caveats are not used with DLMs and caveats are not used on their own without an accompanying

security classification. Caveats should not be used extensively in NSW.

People who need to know will be cleared and briefed about the significance of information bearing

caveats; other people are not to have access to this information.

The following categories of security caveat are used:

codewords

source codewords

Eyes Only

Australian Government Access only

Releasable to

special handling caveats, and

Accountable Material. Modifications to wording of caveats may take place with the approval of the Information Security

Steering Group.

6.2 Removing caveats

Information bearing agency-specific caveats is to be re-labelled or appropriate procedures agreed

before release or transmission outside of that agency.

The prior agreement of the originating agency – in other words, the agency that originally placed

the caveat on the material – is required to remove a caveat. If the originating agency will not agree

to the removal of the caveat then the information cannot be released. The requirement to obtain

agreement of the originating agency to release the material cannot be the subject of a policy

exception under any circumstances.

6.3 Codewords

A codeword is a word indicating that the information it covers is in a special need to know

compartment.

It is often necessary to take precautions beyond those normally indicated by the security

classification to protect this information. These precautions will be specified by the organisation

27

that owns the information – for instance, those with a need to access the information will be given

a special briefing first.

The codeword is chosen so that its ordinary meaning is unrelated to the subject of the

information.

6.4 Source codewords

A source codeword is a word or set of letters used to identify the source of certain information

without revealing it to those who do not have a need to know.

6.5 Eyes Only

The Eyes Only (EO) marking indicates that access to information is restricted to certain groups or

jurisdictions, or nationalities in the case of national information, for instance:

AUSTEO means Australian Eyes Only

AUST/US EO means Australian and US Eyes Only, and

NSWEO means New South Wales Government Eyes Only.

Any information marked Eyes Only cannot be passed to or accessed by those who are not listed in

the marking. More information on Eyes Only is outlined in the PSPF.

6.6 Australian Government Access Only (AGAO)

In limited circumstances AGAO is used by the Department of Defence and the Australian Secret

Intelligence Organisation (ASIO). It means these agencies may pass information marked with the

AGAO caveat to appropriately cleared representatives of foreign governments on exchange or

long-term posting or attachment to the Australian Government.

6.7 Releasable to

The caveat RELEASABLE TO identifies information that has been released or is releasable to the

indicated foreign countries only – for example, REL GBR,NZL means that the information may be

passed to the United Kingdom and New Zealand only.

RELEASABLE TO markings are to employ the appropriate two letter country codes from the SAI

Global - ISO 3166-1 Alpha 3 Codes for the representation of names of countries and their

subdivisions.

28

6.8 Special handling caveats

A special-handling caveat is a collection of various indicators such as operation codewords,

instructions to use particular communications channels and EXCLUSIVE FOR (named person). This

caveat is usually used only within particular need to know compartments.

There are special requirements for some caveat or codeword information. These are determined

by the controlling agency and provided on a need to know basis.

6.9 Accountable Material

If strict control over access to, and movement of, particularly sensitive information is required,

originators can make this information Accountable Material. What constitutes Accountable

Material will vary from agency to agency, but could include Budget papers, tender documents and

sensitive ministerial briefing documents.

Accountable Material is subject to the following conditions:

the caveat ‘Accountable Material’ can be in bold print on the front cover of the material –

not necessary for Cabinet documents, TOP SECRET information or codeword material

it is to carry a reference and individual copy number – agencies could also consider making

each page accountable by numbering (for example, page 3 of 10), and placing the

document copy number on each page

it is to carry a warning such as: not to be copied without the prior approval of the

originator

it is only to be passed by hand or safe hand – if it is passed to another person, a receipt is

to be obtained, and

a central register is to be maintained of all persons having access to each accountable

document – this central register is separate from the movement record which forms part

of the document or file.

29

APPENDIX A – Suggested mapping

Business Impact Levels

Previous NSW label

Suggested protective markings under these Guidelines

Dissemination Limiting Marker (DLM) Listed in order of most to least likely.

Security classification

No impact UNCLASSIFIED

Low to Medium PERSONNEL-IN-CONFIDENCE

Sensitive: Personal Sensitive: NSW Government For Official Use Only (FOUO)

UNCLASSIFIED

Low to Medium COMMERCIAL-IN-CONFIDENCE

For Official Use Only (FOUO) Sensitive: NSW Government

UNCLASSIFIED

Low to Medium CLIENT-IN-CONFIDENCE

Sensitive: Legal Sensitive: NSW Government For Official Use Only (FOUO)

UNCLASSIFIED

Low to Medium SECURITY-IN-CONFIDENCE

Sensitive: NSW Government For Official Use Only (FOUO)

UNCLASSIFIED

Low to Medium STAFF-IN-CONFIDENCE

Sensitive: Personal Sensitive: NSW Government For Official Use Only (FOUO)

UNCLASSIFIED

High

CABINET-IN-CONFIDENCE

Sensitive: NSW Cabinet UNCLASSIFIED

High PROTECTED Sensitive: NSW Government

UNCLASSIFIED PROTECTED

High or Very high HIGHLY PROTECTED Sensitive: NSW Government UNCLASSIFIED PROTECTED CONFIDENTIAL SECRET

Extreme

SECRET

Catastrophic

TOP SECRET

30

APPENDIX B – Transition guidance

B1. A consistent approach

NSW Government is committed to the adoption of best practice for information security as

outlined in the NSW Digital Information Security Policy. The NSW system is closely aligned with the

Commonwealth system, which has already been in use in some NSW Government agencies.

Agencies are to adopt practices for labelling and handling sensitive information in accordance with

these Guidelines by 1 January 2014, as they introduce consistent information security processes.

Labelling sensitive information is an essential part of information security and the international

standard AS/NZS ISO/IEC 27001:2005 Information technology – Security techniques – Information

security management systems – Requirements.

Adopting a consistent approach will give agencies confidence that when they distribute sensitive

information to other agencies it will be properly safeguarded.

B2. Key points for transition

Agencies are to adopt practices for labelling and handling sensitive information in accordance

with these Guidelines by 1 January 2014.

These Guidelines are consistent with GIPAA, PPIPA, HRIPA and the State Records Act 1998

(NSW).

Agencies holding Commonwealth classified information are to continue to handle that

information in accordance with the Commonwealth PSPF.

Agencies are not to create their own labelling schemes beyond what is outlined in these

Guidelines, but they may adopt more stringent handling procedures, potentially based on PSPF

requirements, if they consider it appropriate.

Agencies are not expected to review all their existing information holdings and label or re-label

them.

Most documents labelled under the previous NSW system can retain their existing labels,

providing staff are aware of the appropriate handling requirements.

31

B3. Frequently asked questions

1. What do we have to do by 1 January 2014?

From 1 January 2014:

All sensitive or classified materials must be handled according to the new system, and

Newly created sensitive or classified materials must be labelled and/or classified according

to the new system.

2. Do we have to review and re-label all our existing information holdings?

No.

Agencies should consider the nature of the information they handle and take a risk-based

approach to the application of new protective markings.

Appendix A provides a table mapping the most common existing labels to the new system for

classifying and labelling sensitive information. Using this table or incorporating it into agency

procedures can assist staff to handle older documents appropriately, without the need for re-

labelling.

3. What if our legacy materials are labelled with protective markings that are not supported in

the new system?

Agencies should make a risk-based decision about re-labelling according to their own systems and

resources. For example:

a specific group of legacy materials, information within a particular filing system or

database may be progressively re-labelled, according to agency guidelines / timelines

information could be reviewed and/or re-labelled only if it is requested or retrieved from a

storage area, or

materials may not be re-labelled; agency guidelines and training can enable staff to handle

materials appropriately (e.g. using the mapping table in Appendix A).

4. In which kinds of situations might review or re-labelling be required?

If an agency has previously applied labels and the same word is used for a DLM or security

classification in the new system (but with a different meaning), and there is potential for lack of

clarity or confusion, then re-labelling may be required subject to business needs.

In this scenario it is important to ensure that the content of the material matches the definitions in

the new system.

32

5. What happens to material labelled as “Protected” under the previous NSW system?

The previous NSW system had a category of “Protected”. Some of this material may not match the

current definition for the security classification of PROTECTED.

Agencies should consider the way they have applied this label in the past and whether information

content is likely to be considered PROTECTED under the new system. If so, the current labels can

be maintained. Agencies should ensure appropriate handling procedures are in place.

If the material does not warrant security classification, consider whether the material can be

mapped to the DLM Sensitive: NSW Government. This may require some form of re-labelling.

It is important that any material bearing the security classification PROTECTED should be handled

according to these Guidelines and relevant parts of the PSPF as appropriate.

6. Material that does not have a label – is it UNCLASSIFIED or FOUO or “Public”?

Newly created or unlabelled material is, by default, UNCLASSIFIED and should be stored and

handled according to NSW State Records standards and guidance and other NSW legislative and

regulatory requirements as appropriate.

This information may remain unlabelled, or it may be marked UNCLASSIFIED if required by agency

policy.

If it is determined the material contains sensitive information, use these Guidelines to identify the

appropriate protective marking.

“Public” is not an approved DLM. Agencies should consider whether UNCLASSIFIED material can be

proactively released under GIPAA.

7. Can agencies create DLMs to suit their specific needs?

No. Agencies must not create their own DLMs.

New Sensitive DLMs may be created by agencies when the following three conditions are met:

1. there is an specific agency need

2. there is no approved DLM which is appropriate for use, and

3. the new DLM is endorsed by the Information Security Steering Group.

Appendix A provides a table mapping the most common previous labels to the new system for

classifying and labelling sensitive information.

8. Can agencies create security classifications or caveats to suit their specific needs?

No. Agencies must use only approved security classifications and caveats, strictly in accordance

with these Guidelines and the relevant parts of the PSPF as appropriate.

33

APPENDIX C – Protective markings in use in NSW

PROTECTIVE MARKING

DESCRIPTION

DLM

SECURITY CLASSIFICATION

UNCLASSIFIED1 Information not requiring security classification.

For Official Use Only (FOUO)

May only be used on UNCLASSIFIED information, when its compromise may cause limited damage to national security, Australian Government agencies, commercial entities or members of the public.

Sensitive

For information where the secrecy provisions of enactments may apply and/or the disclosure of the information may be limited or prohibited under legislation.

Sensitive: Personal

May be used for information that is sensitive personal information (aligned with the definition of ‘sensitive information’ in the Privacy Act 1988 (Commonwealth))

2.

Sensitive: Legal

May be used for any information that may be subject to legal professional privilege.

Sensitive: NSW Government Compromise of the information could cause damage to the NSW Government, NSW Government agencies, commercial entities or members of the public.

Sensitive: NSW Cabinet May be used for sensitive NSW Cabinet documents.

Sensitive: Cabinet PROTECTED May be used for sensitive Commonwealth Cabinet documents.

PROTECTED Compromise of the information could cause damage to the Australian Government, commercial entities or members of the public. May be used with a caveat.

CONFIDENTIAL Compromise of the information could cause damage to national security. May be used with a caveat.

SECRET Compromise of the information could cause serious damage to national security, the Australian Government, nationally important economic and commercial interests, or threaten life. May be used with a caveat.

TOP SECRET Compromise of the information could cause exceptionally grave damage to national security. May be used with a caveat.

Interpretation

‘Australian Government’ does not refer to the NSW State Government, nor other State or Territory governments.

This table does not list caveats, which may be used in conjunction with security classifications – in accordance with these Guidelines and the PSPF.

1 UNCLASSIFIED is not a protective marking; it is used by convention to describe official information that is not

expected to cause harm and does not require a security classification. This information may remain unmarked, however, it may be marked UNCLASSIFIED if required. 2 This DLM references Commonwealth legislation, but additional DLMs referencing equivalent NSW legislation may be

created if there is a need, with agreement from the Steering Group, and pursuant to these Guidelines. Sensitive information can include:

a) information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record;

b) personal information; c) health information about an individual; d) genetic information about an individual that is not otherwise health information; e) biometric information that is to be used for the purpose of automated biometric verification or biometric

identification; or f) biometric templates.

34

APPENDIX D – Business Impact Levels

1 (LOW) 2 (MEDIUM) 3 (HIGH)

e.g. PROTECTED LEVEL 4 (VERY HIGH)

e.g. CONFIDENTIAL LEVEL 5 (EXTREME)

e.g. SECRET LEVEL 6 (CATASTROPHIC)

e.g. TOP SECRET LEVEL

Could be expected to harm government agency operations, commercial

entities or members of the public by:

Could be expected to cause limited damage to national security, government agency

operations, commercial entities or members of the public by:

Could be expected to damage government agency operations, commercial entities or members

of the public by:

Could be expected to damage national security by:

Could be expected to seriously damage national security, government agency operations,

commercial entities or members of the public by:

Could be expected to cause exceptionally

grave damage to national security by:

causing a degradation in organisational capability to an extent and duration that, while the agency can perform its primary functions, the effectiveness of the functions is noticeably reduced

resulting in minor damage to agency assets

resulting in minor financial loss

minor harm to individuals - not resulting in physical injury such as minor breach of privacy or financial loss

undermining the financial viability of a minor Australia-based or Australian-owned organisation.

causing a significant degradation in organisational capability to an extent and duration that, while the agency can perform its primary functions—including national security type functions—the effectiveness of the functions is significantly reduced

resulting in significant harm to agency assets

resulting in significant financial loss

limited harm to individuals – could cause harm to individuals including injuries that are not serious or life threatening

causing damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of a logistics system causing re-supply problems without causing risk to life

causing embarrassment to diplomatic relations

disadvantaging a major Australian company

hindering the detection, impeding the investigation, or facilitating the commission of low-level crime—i.e. crime not defined in legislation as serious crime—or hindering the detection of serious crime

resulting in loss to Australian Government / public sector of $10 million, up to $100 million

undermining the financial viability of a major Australia-based or Australian-owned organisation, or

resulting in minor loss of confidence in government.

causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform one or more of its primary functions

resulting in major harm to agency assets

resulting in major financial loss

endanger individuals – the compromise of information could lead to serious harm or potentially life threatening injury to an individual

disadvantaging a number of major Australian companies

impeding the investigation of, or facilitating the commission of, serious crime—as defined in legislation

resulting in short-term material damage to national finances or economic interests—to an estimated total of $100 million to $10 billion

causing material damage to international trade or commerce, directly and noticeably reducing economic growth in Australia, or

resulting in a major loss of confidence in government.

causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform one or more of its national security functions

resulting in major harm to agency national security assets

endanger small groups of individuals – the compromise of information could lead to serious harm or potentially life threatening injuries to a small group of individuals

resulting in severe damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of the operational plans of units of company size or below in a theatre of military operations

materially damaging diplomatic relations—e.g. cause formal protest or other sanctions

disadvantaging Australia in international negotiations—e.g. advance compromise of Australian negotiation strategy or acceptable outcomes, in the context of a bilateral trade dispute

causing damage to Australian or allied intelligence capability, or

causing major, long-term impairment to the ability to investigate serious crime—as defined in legislation.

causing a severe degradation in or loss of organisational capability to an extent and duration that the agency cannot perform any of its national security functions

threaten life directly – the compromise of information could lead to loss of life of an individual or small group

threatening directly the internal political stability of Australia or friendly countries

causing exceptionally grave damage to the operational effectiveness or security of Australian or allied forces—e.g. compromise of the operational plans of units of battalion size or above in a theatre of military operations

raising international tension, or seriously damaging relations with friendly governments

severely disadvantaging Australia in international negotiations—e.g. advance compromise of Australian negotiation strategy or acceptable outcomes, in the context of a major WTO negotiating round

causing severe damage to Australian or allied intelligence capability

causing major, long-term impairment to the ability to investigate serious organised crime—as defined in legislation

causing major, long-term damage to the Australian economy—to an estimated total in excess of $20 billion

causing major, long-term damage to global trade or commerce, leading to prolonged recession or hyperinflation in Australia, or

threatening directly the internal stability of Australia or friendly countries leading to widespread instability.

resulting in the collapse of internal political stability of Australia or friendly countries

leading directly to widespread loss of life – the compromise of information could lead to the death of a large number of people

directly provoking international conflict, or

causing exceptionally grave damage to relations with friendly governments.

35

APPENDIX E – Classification and labelling content examples

DLMs

FOUO Sensitive Sensitive: Personal Sensitive: Legal Sensitive: NSW Government

Sensitive: NSW Cabinet Sensitive: Cabinet

- A tender response. - Private citizen submission to an agency outlining opposition to a new business opening in the community.

- Information which may not be disclosed due to a legal sanction.

- Employee file including information regarding health status.

- Legal advice provided to the agency. - Document outlining agency legal concerns provided to legal advisers. - Notes of a meeting to advise of a response to a threat of legal action against the agency.

- Internal brief reflecting on interests of a group of community members, provided to government in confidence. - Police report regarding a low level investigation.

- Business lists, minutes, submissions or memoranda that have been or are proposed to be submitted to the NSW Cabinet.

- Business lists, minutes, submissions or memoranda that have been or are proposed to be submitted to the Commonwealth Cabinet.

Security classifications

UNCLASSIFIED

PROTECTED CONFIDENTIAL SECRET TOP SECRET

- Official information not needing security classification.

- Commonwealth brief relating to negotiations with States on funding.

- Commonwealth report on emerging security threats to Australia.

- Background information on a new military purchase for the Australian Defence Force.

- Highly sensitive, strategic report on covert deployment of a new military capability.

36

APPENDIX F – Aligning control and handling requirements

Situations may arise where there are differences between the requirements for control and/or handling in

these Guidelines and what is set out in the PSPF (as updated from time to time).

This table provides courses of action for specific scenarios.

Scenario Course of action

Information has a DLM and a security classification,

which control and/or handling requirements apply?

The requirements in the PSPF regarding the relevant

security classification take precedence to the extent of any

inconsistency.

The document has a DLM, and there is an

inconsistency between a mandatory control and/or

handling requirement in these Guidelines and the

PSPF, and the document was created by the NSW

Government and/or primarily relates to the

operation of the NSW Government.

Which requirement applies?

The requirements in these Guidelines take precedence to

the extent of any inconsistency.

The document has a DLM, and there is an

inconsistency between a mandatory control and/or

handling requirement in these Guidelines and the

PSPF, and the document was created by the

Commonwealth and/or primarily relates to the

operation of the Commonwealth.

Which requirement applies?

The requirements in the PSPF take precedence to the

extent of any inconsistency.

The PSPF is silent on an aspect of control and/or

handling, but these Guidelines have specific

requirements, do the requirements in these

Guidelines have to be met?

These Guidelines take precedence in relation to that aspect

of control and/or handling and have to be met.

The PSPF has a recommendation (e.g. using ‘can’ or

‘should’) regarding an aspect of control and/or

handling, but the Guidelines have a mandatory

requirement in relation to that same aspect, which

takes precedence?

If the document was created by the NSW Government

and/or primarily relates to the operation of the NSW

Government, the mandatory requirement in these

Guidelines takes precedence.

Otherwise, the PSPF recommendation takes precedence.

37

APPENDIX G – Resources

Further to the key documents listed in section 2.6, the following table provides a list of other resources

which may influence information security classification and labelling procedures.

Issuer Reference Document name

Commonwealth Australian Government Protective Security Policy Framework (PSPF) – documents map

Commonwealth As updated (version 1.0, 18 July 2011)

Information security management guidelines – Australian Government security classification system

Commonwealth As updated (version 1.0, 21 June 2011)

Protectively marking and handling sensitive and security classified information

Commonwealth As updated (version 1.5, 6 June 2010)

Australian Government Protective Security Policy Framework – Securing Government business

Commonwealth As updated (version 1.0, 21 June 2011)

Protective Security Governance Guidelines – Business Impact Levels

Commonwealth Current version, as updated Physical security management guidelines

Commonwealth 2012 (as updated) Information Security Manual

Commonwealth Current version in effect, as amended

Privacy Act 1988 (Commonwealth)

NSW Government Current version in effect, as amended

NSW Digital Information Security Policy

NSW Government Current version in effect, as amended

Health Records and Information Privacy Act 2002 (NSW)

NSW Government Current version in effect, as amended

Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA)

NSW Government Current version in effect, as amended

Government Information (Public Access) Act 2009 (NSW) (GIPAA)

NSW Government Current version in effect, as amended

State Records Act 1998 (NSW)

NSW Government Current version in effect, as amended

Court Information Act 2010 (NSW)

NSW Department of Finance and Services

Version 1.2, 30 June 2011 NSW Guide to Labelling Sensitive Information 2011 (previous system in NSW)

NSW Department of Finance and Services

NSW Government ICT Strategy

38

NSW Department of Premier and Cabinet

Cabinet Conventions: NSW Practice

NSW Department of Premier and Cabinet

7 June 2006 M2006-08 Maintaining Confidentiality of Cabinet Documents and Other Cabinet Conventions

NSW Department of Premier and Cabinet

30 July 2007 M2007-13 Release of NSW Government Security Sensitive Information to Third Parties

NSW Department of Premier and Cabinet

30 September 2008 M2008-17 NSW Policy and Guidelines for Protecting National Security Information

NSW Department of Premier and Cabinet

As updated (June 2011) Ministerial Handbook

39

APPENDIX H – Glossary

The following glossary provides definitions for terms that are not otherwise explained in the text of the

Guidelines.

Accountable Material In these Guidelines the term Accountable Material means particularly

sensitive information requiring strict access and movement control.

Such items are recorded in a central register in each holding

organisation.

Clear desk policy The term Clear desk policy means that items with a protective marking

must be secured when unattended and their content always

unobservable to people without the Need to know.

Commonwealth Refers to the Australian Government, and includes Australian

Government agencies.

Damage Damage referred to in these Guidelines may be financial, commercial

or reputational damage to any NSW Government agency, the NSW

Government, the Australian Government, or an Australian Government

agency.

Infrequent The term Infrequent means no more than one transmission per month

within or from a site.

National security information Official information whose compromise could affect the security of the

nation.

National security information could include information about security

threats from espionage, sabotage, politically motivated violence,

promotion of communal violence, attacks on Australia’s defence, acts

of foreign interference or serious organised crime, as well as the

protection of Australia’s borders.

40

Need to know The term Need to know means that access to information should be

limited to those that need to know or use it. It is applied at the level of

specific individuals and applies to all types of sensitive information.

Agencies should take all reasonable and appropriate precautions to

ensure that only people with a proven need to know gain access to

sensitive and security classified information.

People are not entitled to access information merely because it would

be convenient for them to know or because of their status, position,

rank or level of authorised access.

Safe hand Carriage of protectively marked information by Safe hand means it is

despatched to the addressee in the care of an authorised officer or

succession of authorised officers who are responsible for its carriage

and safekeeping (see the PSPF for guidance).

Secure area The term Secure area means a work area to which physical access is

controlled and all visitors, whether working for the agency or not, are

escorted.

An office area may be a secure area.

Central register A central record is to be maintained of all persons having access to any

information marked TOP SECRET or Accountable Material.

This register is separate from any movement record which forms part

of the document or file (see the PSPF for guidance).

UNCLASSIFIED Official information that is not expected to cause harm and does not

require a security classification; it may be unlabelled or it may be

marked UNCLASSIFIED.

UNCLASSIFIED is not a protective marking or a security classification.

This type of information represents the bulk of official information.