NSW Government Information Classification Guidelines

 

Image of NSW Parliament House courtesy of sv1ambo, CC BY 2.0, via Wikimedia Commons 

Data NSW updated the 'NSW Government Information Classification, Labelling and Handling Guidelines v.2.0' (henceforth referred to as 'Guidelines') in August 2020. (Note: v2.1 issued in October 2020, updated links to the NSW Government Legislative website). The aim of the Guidelines is to standardise how the NSW Government sector receives, uses and manages information and data on behalf of the NSW public, other agencies, states and territories and the Australian Government.

The Guidelines align with the Australian Government's Protective Security Policy Framework (PSPF) 2018 focusing on: Policy 8 Sensitive and security classified information and the Email Protective Marking Standard. 

The Guidelines detail how the NSW Government sector can correctly assess the sensitivity or security classification of their information, then adopt appropriate marking and management of the information.

The Guidelines will help NSW Government agencies to:

  • understand how to assess NSW Government information
    • assess whether the information is UNOFFICIAL or OFFICIAL
    • the sensivitiy of the information and why it's sensitive
    • the appropriate classification to apply
  • understand how to receive and interpret the labelling on information received from the Australian Government.

The Guidelines apply to information in both hard copy and electronic format. 

PROTECTIVE MARKINGS IN USE IN NEW SOUTH WALES

The key aspects of the Guidelines are as follows, with the business impact tabulated below:

  • UNOFFICIAL information is not work related.
  • OFFICIAL information is related to the agency’s business, but does not have security or sensitivity issues. This information does not need to be labelled, but agencies may choose to do so. This information is still important to government and may still need security measures to protect the integrity and availability of this material.
  • OFFICIAL: Sensitive information, if compromised, may cause limited damage to individuals, organisations or government. NSW uses six DLMs to describe the type of sensitivity of the information, per the table below.
  • The Australian government uses the DLM OFFICIAL:Sensitive either as a classification in its own right, or with additional IMMs and/or Caveats.
  • There are three security classifications under the PSPF:
    1. PROTECTED
    2. SECRET
    3. TOP SECRET

Protective Marking

Business Impact Level

Description of impact that the compromise of information confidentiality could cause

UNOFFICIAL

No business impact

No damage.
This information does not form part of official duty.

OFFICIAL

Low business impact

No damage or insignificant damage.
This relates to most routine information. Some agencies may require OFFICIAL information to be labelled, but most will not. 

OFFICIAL: Sensitive - NSW DLMs
1. NSW Cabinet
2. Legal
3. Law enforcement
4. Health information
5. Personal
6. NSW Government.

Low to medium business impact

Limited damage to an individual, organization or government.

PROTECTED

High business impact

Damage to the national interest, organisations or individuals.

SECRET

Extreme business impact

Serious damage to the national interest, organisations or individuals.

TOP SECRET

Catastrophic business impact

Exceptionally grave damage to the national interest, organisations or individuals.

The issue which causes the most concern for NSW agencies is the difference between assessing information as sensitive, namely OFFICIAL: Sensitive requiring a DLM, or PROTECTED. There is a helpful assessment flow chart to help clarify this in the Guidelines. There is also useful advice about which OFFICIAL: Sensitive NSW DLM should be applied, with specific advice where information falls into more than one category.

Application of labels

Labels should be applied when the information is created and if information is received from another source and is not appropriately labelled. Agencies are not required to label UNOFFICIAL or OFFICIAL information. Agencies may determine their own policy for labelling OFFICIAL information, according to their own operating requirements. A NSW agency sending sensitive information to another government agency must label the information with a DLM, so that the receiving agency will understand the sensitivity of the information. 

NSW government agencies receiving Australian Government information that is sensitive and security classified should comply with the procedures set out in PSPF Policy 8 Sensitive and security classified information. 

HOW EMBEDDED META DATA CAN EXTEND SECURITY

Janusseal software has the ability to classify beyound visible markers with automated processes. It can embed NSW security classifications directly into files and documents. This meta data can then be used to allow or disallow access as required, matching the security classification label with the security clearance of the user.

The access control put into files can be interpreted by Janusseal's Outlook classification solutions, ensuring the same security labels are recognised when files are sent electronically, with unauthorised users prevented from receiving the email.

OPEN STANDARDS, INTEROPERABILITY and leveraging m365

Janusnet's software has been developed with open standards and interoperability in mind. Our software is designed for serverless deployments better suited to cloud usage, giving our software the capability to leverage the Microsoft 365 platform. 

Janusnet has configurations for both hard copy and electronic information classification requirements for all state governments and the Commonwealth Email Protective Marking Standard (EPMS) which is a component of the PSPF.  Janusnet uses part of the EPMS for state government configurations. Find out how state agencies can gain productivity and security benefits, by using the EPMS as the basis for how your emails are protectively marked.

CONTACT US

If you would like to discuss how Janusnet can help you comply with the marking requirements in the Guidelines or to obtain a fully working NSW compliant Janusseal evaluation, please contact us.

Discuss NSW Guidelines