NSW Government Information Classification Guidelines

 

Image of NSW Parliament House courtesy of J Bar at the English-language Wikipedia, CC BY-SA 3.0  

Data NSW updated the 'NSW Government Information Classification, Labelling and Handling Guidelines v.2.0' (henceforth referred to as 'Guidelines') in August 2020. (Note: v2.1, issued in October 2020, updated links to the NSW Government Legislative website.) The aim of the Guidelines is to standardise how the NSW Government sector receives, uses and manages information and data on behalf of the NSW public, other agencies, states and territories and the Australian Government.

The Guidelines align with the Australian Government's Protective Security Policy Framework (PSPF) 2018 focusing on: Policy 8 Sensitive and security classified information and the Email Protective Marking Standard. 

The Guidelines detail how the NSW Government sector can correctly assess the sensitivity or security classification of their information, then adopt appropriate marking and management of the information.

The Guidelines will help NSW Government agencies to:

  •  understand how to assess NSW Government information and data to determine if:
    • the information is UNOFFICIAL or OFFICIAL
    • the information is sensitive, why it's sensitive and which Dissemination Limiting Marker (DLM) to apply
    • a security classification must be applied.
  • understand how to receive and interpret the labelling on information received from the Australian Government.

The Guidelines apply to the classification, labelling and handling of sensitive and security classified information in any format, including records in physical and digital format, data sets and digital records. 

Note: The Australian Government introduced a new caveat 'NATIONAL CABINET' in response to COVID-19. It commenced December 2020. Information about this caveat will be added to the existing Guidelines when possible. 

PROTECTIVE MARKINGS IN USE IN NEW SOUTH WALES

The key aspects of the Guidelines are as follows, with the business impact tabulated below:

  • UNOFFICIAL information is not work related.
  • OFFICIAL information is related to the agency’s business, but does not have security or sensitivity issues. This information does not need to be labelled, but agencies may choose to do so. This information is still important to government and may still need security measures to protect the integrity and availability of this material.
  • OFFICIAL: Sensitive information, if compromised, may cause limited damage to individuals, organisations or government. NSW uses six DLMs to describe the type of sensitivity of the information, per the table below.
    • The Australian Government uses the DLM OFFICIAL: Sensitive either as a classification in its own right, or with additional IMMs and/or Caveats.
  • There are three security classifications under the PSPF:
    1. PROTECTED
    2. SECRET
    3. TOP SECRET

| Protective Marking | Business Impact Level | Description of impact that the compromise of information confidentiality could cause |
|---|---|---|
| UNOFFICIAL | No business impact | No damage. This information does not form part of official duty. |
| OFFICIAL | Low business impact | No damage or insignificant damage. This relates to most routine information. Some agencies may require OFFICIAL information to be labelled, but most will not. |
| OFFICIAL: Sensitive - NSW DLMs: 1. NSW Cabinet; 2. Legal; 3. Law enforcement; 4. Health information; 5. Personal; 6. NSW Government. | Low to medium business impact | Limited damage to an individual, organization or government. |
| PROTECTED | High business impact | Damage to the national interest, organisations or individuals. |
| SECRET | Extreme business impact | Serious damage to the national interest, organisations or individuals. |
| TOP SECRET | Catastrophic business impact | Exceptionally grave damage to the national interest, organisations or individuals. |

The issue that causes the most concern for NSW agencies is deciding whether information should be assessed as sensitive (OFFICIAL: Sensitive, requiring a DLM) or as PROTECTED. The Guidelines include an assessment flow chart to help clarify this. There is also useful advice about which OFFICIAL: Sensitive NSW DLM should be applied, with specific advice where information falls into more than one category.

Application of labels

Labels should be applied when the information is created, or when information is received from another source and is not appropriately labelled. Agencies are not required to label UNOFFICIAL or OFFICIAL information. Agencies may determine their own policy for labelling OFFICIAL information, according to their own operating requirements. A NSW agency sending sensitive information to another government agency must label the information with a DLM, so that the receiving agency will understand the sensitivity of the information.

NSW government agencies receiving Australian Government information that is sensitive and security classified should comply with the procedures set out in PSPF Policy 8 Sensitive and security classified information. 

HOW EMBEDDED METADATA CAN EXTEND SECURITY

Janusseal software can classify beyond visible markers using automated processes. It can embed NSW security classifications directly into files and documents. This metadata can then be used to allow or disallow access as required, matching the security classification label with the security clearance of the user.

The access control put into files can be interpreted by Janusseal's Outlook classification solutions, ensuring the same security labels are recognised when files are sent electronically, with unauthorised users prevented from receiving the email.

OPEN STANDARDS, INTEROPERABILITY AND LEVERAGING M365

Janusnet's software has been developed with open standards and interoperability in mind. Our software is designed for serverless deployments better suited to cloud usage, giving our software the capability to leverage the Microsoft 365 platform. 

Janusnet has configurations for both hard copy and electronic information classification requirements for all state governments and for the Commonwealth Email Protective Marking Standard (EPMS), which is a component of the PSPF. Janusnet uses part of the EPMS for state government configurations. Find out how state agencies can gain productivity and security benefits by using the EPMS as the basis for how your emails are protectively marked.

CONTACT US

If you would like to discuss how Janusnet can help you comply with the marking requirements in the Guidelines or to obtain a fully working NSW compliant Janusseal evaluation, please contact us.
