The Western Australian Information Classification Policy

Image of Government House, Western Australia courtesy of JarrahTree/commons.wikimedia.org, CC BY 2.5 AU 

The Western Australian Government launched the Western Australian Information Classification Policy in August 2020. It provides a standard for agencies to protect, store and share their information assets. It's part of the Office of Digital Government's (DGov) review of the WA Digital Strategy 2016-2020.  

The objectives of the Policy are to provide a common language for Western Australian public sector agencies to:

  • clearly and consistently identify the sensitivity of their information
  • apply appropriate protective security measures
  • communicate the sensitivity of information within the agency, with other agencies, and third-party organisations (where relevant)
  • increase the security literacy and awareness of the workforce.

The use of protective markings (security classification labels) as an effective means to maintain data confidentiality and prevent data leakage is well established in national government circles, when dealing with both hardcopy and electronic information. 

PROTECTIVE MARKINGS IN USE IN WESTERN AUSTRALIA

Under the policy, agencies are required to comply with three classifications mandated by the requirements of the Digital Security Policy.  They are:

  • UNOFFICIAL
  • OFFICIAL
  • OFFICIAL: Sensitive

These align with the Australian Government's protective markings for non-security classified information in its Protective Security Policy Framework (PSPF). The majority of information created or processed by agencies is OFFICIAL. This includes content relating to routine business operations and services.

OFFICIAL: Sensitive is information that due to its sensitive nature requires application of appropriate protective security measures and limited dissemination. For the protection of COMMONWEALTH SECURITY CLASSIFIED information, agencies are required to comply with the provisions of the relevant inter-jurisdictional agreement(s).

Protective Marking

Business Impact Level

Description

UNOFFICIAL

0

UNOFFICIAL information refers to content that is not related to official work duties or functions.
Examples can include an invitation to a coffee catch-up with a friend, or discussions relating to out of work activities or schedules.

OFFICIAL

1

OFFICIAL information refers to the majority of government information created, used or handled by agencies.
This may include content relating to routine business operations and services and information in a draft format (not otherwise captured by higher-level business impacts). If authorised for unlimited public releases, information at this level may be published publically.
Information compromise would result in limited or no damage to a business, an entity or an individual (or those associated with them).

OFFICIAL: Sensitive

2

OFFICIAL: Sensitive Information identifies ‘sensitive’ material created, used or handled by agencies. This may include content that has limitations restricting its use, disclosure or dissemination.
Information compromise would result in significant damage to a business, an entity or an individual (or those associated with them).

DGov has published several publications to support the Information Classification Policy. The table above is expanded in the Business Impact Levels Tool publication and is supported by an assessment Process Flow Chart which helps to clarify which protective marking should be applied.  

Janusnet has configurations for both hard copy and electronic information classification requirements for all state governments and the Commonwealth Email Protective Marking Standard (EPMS) which is a component of the PSPF.  Janusnet uses part of the EPMS for state government configurations. Find out how state agencies can gain productivity and security benefits, by using the EPMS as the basis for how your emails are protectively marked.

If you would like to discuss how Janusnet can help you comply with the WA Information Classification Policy requirements, or to obtain a fully working Janusseal evaluation with WAICP configuration, please contact us.

Discuss WAICP

Organise an evaluation