Description
The Government is committed to the adoption of common NSW Standards for labelling and handling sensitive information. The NSW standards are closely aligned with the approach of the Commonwealth Government, which is already in use in some NSW Government agencies. Details of the new standards are provided in the attached 'Guide to Labelling Sensitive Information', which is also published at www.gcio.nsw.gov.au.
Detailed Outline
The Government is committed to the adoption of common NSW Standards for labelling and handling sensitive information. The NSW standards are closely aligned with the approach of the Commonwealth Government, which is already in use in some NSW Government agencies. Details of the new standards are provided in the attached 'Guide to Labelling Sensitive Information', which is also published at www.gcio.nsw.gov.au.
Agencies are to adopt information labelling in accordance with the 'Guide to Labelling Sensitive Information' when their migration to improved information security requires them to introduce sensitivity labelling.
Labelling sensitive information is an essential part of the national standard AS/NZS 27001:2005 Information technology - Security techniques - Information security management systems - Requirements and is therefore required in order to obtain certification to this standard. Premier's Memorandum M2007-04 refers to certification.
In adopting sensitive information labelling the following points should be noted:
- Agencies are to adopt information labelling in accordance with the 'Guide to Labelling Sensitive Information' when their migration to improved information security requires them to introduce sensitivity labelling.
- The Guide is consistent with the Freedom of Information Act, Privacy and Personal Information Protection Act, and the State Records Act.
- Agencies holding classified information from the Commonwealth Government are to continue to handle that information in accordance with Commonwealth requirements.
- Agencies are not to create their own labelling schemes but may adopt more stringent controls if they consider them appropriate.
- Agencies are not expected to review all their existing information holdings and label or re-label them.
Your cooperation in adopting the Guide will assist in demonstrating the Government's commitment to improved information security. Adoption of the Guide will also give agencies confidence that when they distribute sensitive information to other agencies it will be properly safeguarded.
C Gellatly
Director-General
Overview
Compliance
- Not Mandatory
AR Details
- Date Issued
- Dec 13, 2002
- Review Date
- Dec 31, 2014
- Replaces
-
- Replaced By
Contacts
- Contact
- Contact us
- Phone
- 02 9228 5555
- Publishing Entity
- Department of Premier and Cabinet
- Issuing Entity
- Department of Premier and Cabinet