The South Australian Protective Security Framework


The South Australian Protective Security Framework incorporates relevant South Australian security policies and provides tailored guidance and other resources for all South Australian public sector agencies. Part of the Framework is the Information Security Policy, which aims to ensure all South Australian Government agencies protect their information assets from compromise.

A core component of the Information Security Policy is the South Australian Information Classification System (ICS). All South Australian Government agencies “…must use the system when assessing the confidentiality, integrity and availability of their information assets to ensure appropriate classification, protective markings and handling requirements are assigned.”

The use of security classification labels (protective markings) as an effective means to maintain data confidentiality and prevent data leakage is well established in national government circles, when dealing with both hardcopy and electronic information. 

PROTECTIVE MARKINGS IN USE IN SOUTH AUSTRALIA

This is covered in detail in the SAICS Overview document. Therein the South Australian Government describes its approach to classifying and labelling sensitive information. Its ICS is based upon the Commonwealth Government's sensitive and classified information requirements under the Protective Security Policy Framework (PSPF) with some modifications to suit the South Australian context.  

There are three main components of a protective marking: security classification, information management markers and caveats.  Specific definitions of each protective marking are set out in the table below. (This table does not list caveats or information management markers, which may be used in conjunction with security classifications – in accordance with the SAICS Overview document.)

| Protective Marking | Business Impact Level | Description |
|---|---|---|
| UNOFFICIAL | 0 | UNOFFICIAL can be used for non-work-related information (including emails). Use of the protective marking is optional. |
| OFFICIAL | 1 | OFFICIAL describes routine information created or processed by the South Australian public sector with a low business impact. Use of the protective marking is optional, but recommended. |
| OFFICIAL: Sensitive | 2 | OFFICIAL: Sensitive identifies sensitive, but not security classified information. It is a single dissemination limiting marker (DLM) which indicates that compromise of the information may result in limited damage to an individual, organisation or government generally. Use of the protective marking is mandatory. |
| PROTECTED | 3 | PROTECTED is a security classification which indicates that compromise of the information may result in damage to the state or national interests, organisations or individuals. Use of the protective marking is mandatory. |
| SECRET | 4 | SECRET is a security classification which indicates compromise of the information may result in serious damage to the state or national interests, organisations or individuals. Use of the protective marking is mandatory. |
| TOP SECRET | 5 | TOP SECRET is a security classification which indicates compromise of the information may result in exceptionally grave damage to the state or national interests, organisations or individuals. Use of the protective marking is mandatory. |

PROTECTED, SECRET and TOP SECRET are the only three true security classifications used in South Australia; the lower sensitivity protective markings can be thought of as pseudo-classifications.

Information management markers (IMMs) can be added to information with a protective marking of OFFICIAL: Sensitive or higher. They are used to reflect ‘rights properties’ for particular content and can inform access restrictions. They are not mandatory. The recognised IMMs in SA are:

  • Legislative Secrecy
  • Personal Privacy
  • Legal Privilege
  • Medical in Confidence

Caveats indicate special security requirements for public sector information that apply in addition to the confidentiality requirements of the security classification, further restricting access to the material.

Types of caveats which may be encountered in South Australian government include sensitive compartmented information (codewords), foreign government markings, special handling instructions and releasability caveats; these caveats generally align with the national-level caveats of the Commonwealth. South Australia also has its own SA Cabinet caveat, which can be used with information at a security classification of OFFICIAL: Sensitive and above.
