The Western Australian Information Classification Policy

Image of Government House, Western Australia courtesy of JarrahTree/, CC BY 2.5 AU 

The Western Australian Government launched the Western Australian Government Information Classification Policy (WAICP) in August 2020. It provides a standard for agencies to protect, store and share their information assets. WAICP is part of the 'Safe and secure' strategic policies in the Digital Strategy for the Western Australian Government 2021-2025.

The information classification objective of the Policy is to provide a "uniform approach and common language to guide information sharing within and between agencies". The implementation of the Policy will enable agencies to:

  • clearly and consistently identify the sensitivity of their information
  • apply appropriate protective security measures
  • communicate the sensitivity of information within the agency, with other agencies, and third-party organisations (where relevant)
  • increase the security literacy and awareness of the workforce.

The use of protective markings (security classification labels) as an effective means to maintain data confidentiality and prevent data leakage is well established in national government circles, when dealing with both hardcopy and electronic information. 


Under the policy, agencies are required to comply with three classifications mandated by the requirements of the Digital Security Policy.  They are:

  • OFFICIAL Sensitive

These align with the Australian Government's protective markings for non-security classified information in its Protective Security Policy Framework (PSPF). The majority of information created or processed by agencies is OFFICIAL. This includes content relating to routine business operations and services.

The OFFICIAL Sensitive classification denotes information that due to its sensitive nature requires application of appropriate protective security measures and limited dissemination. It is the highest level of classification that is not covered under arrangements with other jurisdictions. Sublabels maybe applied to OFFICIAL Sensitive as required by legislation or where special handling is required. These include Cabinet, Personal, Commercial and Legal. 

For the protection of COMMONWEALTH SECURITY CLASSIFIED information, agencies are required to comply with the provisions of the relevant inter-jurisdictional agreement(s).  Most agencies will never work with information in this category.

Protective Marking

Business Impact Level




UNOFFICIAL information refers to content that is not related to official work duties or functions.
Examples can include an invitation to a coffee catch-up with a friend, or discussions relating to out of work activities or schedules.



OFFICIAL information refers to the majority of government information created, used or handled by agencies.
This may include content relating to routine business operations and services and information in a draft format (not otherwise captured by higher-level business impacts). If authorised for unlimited public releases, information at this level may be published publically.
Information compromise would result in limited or no damage to a business, an entity or an individual (or those associated with them).

OFFICIAL Sensitive


OFFICIAL Sensitive Information identifies ‘sensitive’ material created, used or handled by agencies. This may include content that has limitations restricting its use, disclosure or dissemination.
Information compromise would result in significant damage to a business, an entity or an individual (or those associated with them).

The table above is expanded in the Business Impact Levels Tool publication and is supported by an Information classification assessment guide which helps to clarify which protective marking should be applied.  Both the BIL tools and assessment guide are also included DGov's most recent publication to support the WAICP - The WA Information Classification Policy Supplementary Guide v.6 dated May 2021. 

Janusnet has configurations for both hard copy and electronic information classification requirements for all state governments and the Commonwealth Email Protective Marking Standard (EPMS) which is a component of the PSPF.  Janusnet uses part of the EPMS for state government configurations. Find out how state agencies can gain productivity and security benefits, by using the EPMS as the basis for how your emails are protectively marked.

If you would like to discuss how Janusnet can help you comply with the WA Information Classification Policy requirements, or to obtain a fully working Janusseal evaluation with WAICP configuration, please contact us.

Discuss WAICP

Organise an evaluation