Provides essential requirements for classifying, labelling and handling information assets that are owned, managed or handled by the Department of Education and Training and its service providers.
Statement of intent
Information assets (both paper-based and electronic) created, received or handled by the Department of Education and Training or its service providers are classified and processed according to a level of security, commensurate with the sensitivity and criticality of that information.
Information security classification categories are:
Public - Information made publicly available, or able to be released to the public, without having to refer the request to the Department's Freedom of Information (FOI) Officer.
Unclassified - Non-sensitive information that is created or received in the course of the business of the Department, and is used internally.
In-Confidence - Sensitive and confidential information that is created or received in the course of business and used internally. Information that, if released inappropriately, might cause limited damage to the Department or others.
Protected - Very sensitive and confidential information that, if released inappropriately, might cause damage to one or more parties.
Highly protected - Documents that contain very sensitive and confidential information that, if released inappropriately, would result in substantial damage.
These classification categories are consistent with Commonwealth and State Government standards for the classification of information for security management purposes.
Documents are marked with the information security classification that applies and handling practices ensure that the confidentiality of documents is preserved.
Responsibilities
Authors:
- determine if a particular paper-based or electronic document has security implications
- mark document with appropriate information security classification, according to Information Security Classification Standard
- ensure that electronic documents have their information classification level displayed in a title page, watermark, and/or header or footer, and in accompanying metadata or document properties
- process document according to practices listed in Information Handling and Storage Matrix
Branch Managers and Business Unit Managers:
- ensure that IFM-PR-003: Classification and Handling of Information Assets is followed
- ensure that staff mark particular documents with an assigned information security classification and handle these documents according to practices listed in Information Handling and Storage Matrix
- ensure that any changes to the classification applied to an information item that results in a lowering of the information security classification will be made through a formal approval process that involves author, and/or information owner
Cabinet Legislation Officer (CLLO):
Director, Information Management Services:
Information owners and/or system owners:
- ensure that information media items, i.e. CDs, DVDs, USB devices or flash drives, hard drives, magnetic tapes, floppy disks, memory cards etc. that have been used to store sensitive information are destroyed or are not used for other purposes without being erased in accordance with established industry practice
- ensure that methods for exchanging information with third parties are consistent with the Department's IFM-PR-003: Classification and Handling of Information Assets and ensure that confidentiality of information is maintained
Information Users:
- ensure that electronic documents have their information classification level displayed in a title page, watermark, and/or header or footer, and in accompanying metadata or document properties
- ensure that classification applied to an information item will not be changed whilst that item is being transferred to another location or between information systems
- ensure that any changes to classification applied to an information item that results in a lowering of the information security classification will be made through a formal approval process that involves author, and/or information owner
Internal Auditors:
Manager, Document Management Unit:
- recommends classification levels to be used on Departmental documents and within the Department's Electronic Document Management System (EDRMS)
- provides advice on classification of particular information assets
Manager, Information Security:
- maintains Classification and Handling of Information Assets, as part of the Department's Information Security Management Framework
Principals:
- ensure that Classification and Handling of Information Assets is followed
- ensure that staff mark particular documents with an assigned information security classification and handle these documents according to practices listed in the Information Handling and Storage Matrix
- ensure that information media items, i.e. CDs, DVDs, USB devices or flash drives, hard drives, magnetic tapes, floppy disks, memory cards etc. that have been used to store sensitive information are destroyed or are not used for other purposes without being erased, in accordance with established industry practice
Assistant Director-General, Strategic Information and Technologies:
- approves this procedure, and communicates content to relevant officers for implementation
Contacts
For information about Classification and Handling of Information Assets, contact: