8 Sensitive and classified information
This policy details how entities correctly classify their information and adopt handling arrangements that guard against information compromise (as defined in Table 1).
Information is a valuable resource. Protecting the confidentiality, integrity and availability of information is critical to business operations:
- Confidentiality refers to the limiting of access to information to authorised persons for approved purposes.
- Integrity of information refers to the assurance that information has been created, amended or deleted only by the intended authorised means and is correct and valid.
- Availability of information refers to allowing authorised persons to access information for authorised purposes at the time they need to do so.
Each entity must:
- identify information asset holdings
- assess the sensitivity and security classification of information asset holdings
- implement operational controls for these assets proportional to their value, importance and sensitivity.
Supporting requirements help an originator (the Australian Government entity that initially generated the information) to maintain the confidentiality, integrity and availability of official information.
The originator must determine whether information being generated is intended for use as an official record and whether that information is sensitive or security classified.
The originator must clearly identify sensitive and security classified information, including emails, using applicable protective markings by:
The originator must remain responsible for controlling the sanitisation, reclassification or declassification of the information. An entity must not remove or change information's classification without the originator's approval.
Entities must ensure sensitive and security classified information is transferred and transmitted by means that deter and detect compromise.
Entities must ensure sensitive and security classified information is stored securely in an appropriate security container for the approved zone.
Entities must ensure sensitive and security classified information is disposed of securely. This includes ensuring sensitive and classified information is appropriately destroyed when it has passed minimum retention requirements or reaches authorised destruction dates.
Identifying official information
Official information is all information created, sent and received as part of work of the Australian Government. This information is an official record and it provides evidence of what an entity has done and why.
Official information can be collected, processed, stored and transmitted in many forms including electronic, physical and verbal (eg conversations and presentations).
The National Archives of Australia Australian Government Information Management Standard notes that business information is a valuable asset. It contributes to good government through supporting efficient business, informing decision-making, demonstrating government accountability and transparency, mitigating risks, adding economic value and protecting rights and entitlements.
All official information requires an appropriate degree of protection as information and assets are subject to intentional and accidental threats. In addition, related processes, systems, networks and people have inherent vulnerabilities. A deliberate or accidental threat that compromises information security could adversely impact on government business.
Definition of information compromise
Information compromise includes, but is not limited to:
How to assess information sensitivity or security classification
Who assesses information sensitivity or security classification
The person responsible for generating or preparing information on behalf of an entity (or for actioning information produced outside the Australian Government) assesses whether the information is sensitive or needs to be security classified. The Australian Government entity that prepared the information and made the initial sensitivity or security classification assessment is the originating entity, referred to as the originator.
Only the originator can change the sensitivity or security classification applied to its information. Classifications considered as inappropriate can be queried with the originator.
When to assess information sensitivity or security classification
Assessing the sensitivity or security classification of information when it is created helps protect the information. Limiting the quantity, scope, or timeframe of classified information is desirable (eg by setting a specific date or event for automatic declassification).1 Appropriately limiting classification of information:
- promotes an open and transparent democratic government
- provides for accountability in government policies and practices that may be subject to inappropriate or over-classification
- allows external oversight of government operations and programs
- promotes efficiency and economy in managing information across government.
Over-classification can result in:
- access to official information being unnecessarily limited or delayed
- onerous administration and procedural overheads that add to costs
- classifications being devalued or ignored by personnel and receiving parties.
Assessing whether information is sensitive or security classified
Requirement 2 mandates that the originator assesses the sensitivity or security classification of information by considering the potential impacts to national interest, organisations or individuals that could arise from compromise of the information's confidentiality.
The more valuable, important or sensitive the official information, the greater the level of business impact that would result from its compromise.
- The Australian Government uses three security classifications (PROTECTED, SECRET and TOP SECRET) based on the likely damage resulting from compromise of the information's confidentiality.
- Where information compromise would have some limited damage but does not warrant a security classification, that information is considered OFFICIAL: Sensitive.2
- Other information from routine business operations and services is OFFICIAL, and information that does not form part of official duty is UNOFFICIAL.
It is not consistent with this policy to apply a security classification to information where it:
- restrains competition
- hides violations of law, inefficiency, or administrative error to prevent embarrassment to an individual, organisation or entity
- prevents or delays the release of information that does not need protection in the national interest.
The Business Impact Levels tool (see Table 2) provides examples of potential damage from compromise of information's confidentiality. The tool assists in the consistent classification of information and the assessment of impacts on government business. The tool can also be used for secondary assessments of the potential damage from compromise of the availability or integrity of information.
The potential damage from compromise of information's confidentiality determines the classification of that information. If compromise of availability or integrity of information (described numerically, eg 1 Low business impact) has a higher impact than confidentiality compromise, additional security measures (such as ICT, personnel or physical controls) may be warranted.
Figure 1 Assessing whether information is sensitive or security classified3
Figure 1 notes:
i. Requirement 8 mandates that caveats only appear in conjunction with a security classification.
ii. The information management markers reflect the Australian Government Recordkeeping Metadata Standard's 'Rights' property. While categorising information content by non-security access restrictions is not mandated as a security requirement, the 'Rights' property provides a standard set of terms ensuring common understanding, consistency and interoperability across systems and government entities. For guidance, see the PSPF policy: Access to information.
Table 2 Business Impact Levels tool – Assessing damage to the national interest, organisations or individuals
How to handle sensitive and security classified information
Key operational controls to protect sensitive and security classified information include:
- identifying sensitive and security classified information:
  - with a protective marking (see Identifying sensitive and security classified information with a protective marking)
  - by creating an auditable record of all incoming and outgoing material, transfer, copy or movements for, at a minimum, TOP SECRET information and other accountable material (see Records of dissemination – audit, logs and Classified Document Register)
- limiting disclosure or access to sensitive and security classified information (see Limiting dissemination of sensitive and security classified information) to personnel with:
  - a demonstrated need-to-know the content of the information
  - an applicable security clearance
- transferring and transmitting information by means which deter and detect unauthorised access (see How to transmit or transfer sensitive and security classified information, or remove it from an entity facility)
- storing and using information securely (see How to use and store sensitive and security classified information)
- destroying and disposing of information by secure means (see How to dispose of sensitive and security classified information).
Identifying sensitive and security classified information with a protective marking
Requirement 3 mandates that the originator must clearly identify sensitive and security classified information by using applicable protective markings. Applying classification markings to security classified information, or the OFFICIAL: Sensitive dissemination limiting marker to sensitive information, indicates that the information requires protection.
The OFFICIAL marker may be used to identify information that is an Australian Government record. Use of this marker is not mandatory. Similarly, the UNOFFICIAL marker may be used to identify information generated for personal or non-work related purposes.
Applying a protective marking to information, including to attachments, in an easily identifiable way for information users (visually) and for systems (such as an entity's email gateway) helps to control information.
- For emails, entities apply an internet message header extension. This helps with construction and parsing by email gateways and servers and allows for information handling based on the protective marking. Where an internet message header extension is not possible, protective markings are placed in the subject field of an email. When printed, an email is considered a physical document; as such a visual presentation of the protective marking (such as a separate line in the email) is important.
- For guidance on email protective markings, see Annex B.
Requirement 3 indicates text-based protective markings are the preferred method to identify sensitive and security classified information. This includes associated metadata. To achieve clearly identifiable protective markings, the Attorney-General's Department recommends:
- using capitals, bold text, large font and a distinctive colour (red preferred), for example PROTECTED
- placing markings at the centre top and bottom of each page.
The order of precedence or hierarchy for protective markings is:
- classification (or the OFFICIAL: Sensitive dissemination limiting marker)
- foreign government information markings (if any)
- caveats or other special handling instructions (if any) then
- (optional) information management markers (if any).
Separating markings by a double forward slash helps to clearly differentiate each marking.
Marking each paragraph or section may be useful, although is not required by this policy. The paragraph or section with the most valuable, important or sensitive information (highest classification) dictates the document's classification.
Figure 2 Protectively marking physical (printed) information
Figure 3 Protectively marking an email
Requirement 3 mandates that, if text-based protective markings cannot be used (eg on certain media or assets), colour-based protective markings are used.
Table 3 Minimum protective markings for sensitive and security classified information
Other markings, for example entity-specific markings, are not recognised by this policy. A standard set of markings ensures common understanding, consistency and interoperability across systems and government entities. Other markings may confuse users about appropriate handling protections.
Limiting dissemination of sensitive and security classified information
Need-to-know principle and dissemination/access restrictions
The vast majority of government information can be shared, where appropriate. The PSPF policy: Access to information states that:
Each entity must enable appropriate access to official information. This includes … ensuring that those who access sensitive or security classified information are appropriately security cleared and need to know that information.
Limiting access by staff and others (eg contractors) to information on a need-to-know basis guards against the risk of unauthorised access or misuse of information. The Attorney-General's Department recommends that entities consider staff access to OFFICIAL information on a need-to-know basis, although this is not a requirement of this policy.
PSPF policy: Access to information establishes the following disclosure requirements for sensitive and classified information:
- For OFFICIAL: Sensitive information and all classified information, only allow access for personnel with a demonstrated need-to-know
- For all classified information only allow access for personnel with a valid personnel security clearance:
  - A Baseline security clearance or above for ongoing access to PROTECTED information
  - A Negative Vetting 1 security clearance or above for ongoing access to SECRET information
  - A Negative Vetting 2 security clearance or above for TOP SECRET information
For guidance on obtaining a personnel security clearance, see PSPF policy: Eligibility and suitability of personnel.
Records of dissemination – audit, logs and Classified Document Register
An important protection is ensuring that dissemination of information is monitored and audited.
For accountable material, including TOP SECRET information and certain caveat material, requirement 8 mandates that entities maintain an auditable register (such as a Classified Document Register) of all incoming and outgoing material, transfers or copying. An auditable register is one that is subject to both a regular ongoing program of audit, as well as periodic spot checks. To conduct a spot check, personnel need to sight the documents (or a selection of documents) listed in the register and acknowledge this in writing.
The Attorney‑General's Department recommends that entities keep an audit log or register for documents at other classification levels (particularly the SECRET classification), or registered information received from other entities.
There may be other legislative requirements for record keeping. For example, under the Privacy (Australian Government Agencies – Governance) APP Code 2017 a Privacy Officer is required to maintain a record of an entity's personal information holdings and a register of privacy impact assessments.
Sanitising, declassifying or reclassifying information
Information may require modification (sanitising) to allow its wider distribution and potential use. Information can be changed to reduce its sensitivity or classification by editing, disguising or altering information to permit dissemination while protecting intelligence, sources, methods, capabilities, analytical procedures or privileged information. Once sanitised, the information can be declassified or reclassified (see Table 6).
Declassification is a process where information is reduced to OFFICIAL (an unclassified state) when it no longer requires security classification handling protections.
Reclassification is the administrative decision to change the security classification of information based on a reassessment of the potential impacts of its compromise.
Enabling wide use of government information provides substantial benefits, but there are risks involved. These risks vary with the nature of the information and the environment and purpose of the use. Where the adverse consequences of increased information access are considered high, the availability and access to the information will benefit from careful management.
The Productivity Commission Data Availability and Use report indicates that a wide range of government data can be shared. The availability and usefulness of data delivers benefits to the community, engenders community trust and confidence in how data is managed and used and preserves commercial incentives to collect, maintain and add value to data.
For example, there is potential for data relating to health service provider costs and performance, as well as de-identified linked data about health service recipients, that can be used for effective and targeted service interventions and improved health outcomes.
Identifying characteristics that appear predictive during data analysis can provide valuable insights into the effectiveness of various policies and interventions, allowing new services to emerge in response to community demand.
By de-identifying the health service recipients' data or redacting sensitive personal details, the information is no longer considered to be OFFICIAL: Sensitive (as it does not include sensitive information under the Privacy Act or other measures of harm) and can be shared.
Requirement 4 mandates that the originator of the material remains responsible for controlling the sanitisation, reclassification or declassification of its material. No other entity may change the material's classification unless authorised to do so by the originator.
A declassification process includes:
- identifying if a specific date or event for automatic declassification has occurred:
  - At initial classification, the originator sets a specific date or event for declassification based on an assessment of the period the information might cause damage.
  - If the originator cannot decide on a specific date or event for declassification, declassification will align with the Archives Act 1983 open access period. For guidance, see the National Archives of Australia.
- regularly reviewing the classified information for continuing sensitivity (ie if the compromise of the information would still cause damage). These reviews can be done in line with the harm-based classification assessment described in Assessing whether information is sensitive or security classified:
  - after a project is completed
  - when a file is withdrawn from (or returned to) use.
- declassifying or reclassifying information to a lower classification when it no longer meets the harm-based classification tests described in Assessing whether information is sensitive or security classified.4
How to transmit or transfer sensitive and security classified information, or remove it from an entity facility
Information is at increased risk when it is in transit (eg sent across the internet, through a private network or between physical locations). Risk is heightened when information is transmitted outside of a controlled environment (eg when an entity does not have control over the entire transmission network). The Attorney‑General's Department recommends assessing risks of information transmission. Where an entity transfers or transmits sensitive or security classified information, Requirement 5 mandates using means that deter and detect compromise.
To ensure sensitive and security classified information is only transmitted or transferred to people with a need-to-know (see Table 4), entities are encouraged to identify information recipients by:
- a specific position, appointment or named individual
- a full location address (eg not a post office box for physical delivery as this may be unattended)
- an alternative individual or appointment where relevant (eg for TOP SECRET information).
The Attorney‑General's Department recommends obscuring the information's sensitivity or classification and using a tamper evident seal to deter and detect unauthorised access of sensitive and security classified information. Ways to achieve this include using:
- appropriate encryption methods5 when transferring information over a public network or through unsecured spaces
- double envelopes for physical information by placing security classified information and accountable material in two sealed envelopes:
  - The inner envelope is used to give evidence of tampering, for example by sealing with a Security Construction and Equipment Committee (SCEC)-approved tamper evident seal so that any tampering is detected. The Attorney‑General's Department recommends marking the classification conspicuously on the inner envelope (eg at the top, bottom, front and back of the envelope).
  - The outer envelope gives protection to the inner envelope. The Attorney‑General's Department recommends avoiding displaying any protective classification markings on the outer envelope.
- single-use envelopes approved by SCEC for:
  - an inner envelope
  - single opaque envelopes in place of a double envelope
  - an outer envelope used to enclose a number of inner envelopes where initial delivery will be to a registry or similar
- a single paper envelope in conjunction with a security briefcase (refer to the SCEC-Security Equipment Guide on Briefcases for the carriage of security classified information) or approved multi-use satchels, pouches or transit bags (see the SCEC-approved security equipment evaluated product list).
Devices such as laptops, mobile phones and USBs can be used to transfer and transmit information. The requirement to deter and detect information compromise applies to sensitive and security classified information transferred on such devices. Ways to achieve this include password protection and remote wiping capabilities. For guidance see the PSPF policy: Robust ICT systems.
Ways to control the transmission and transfer of information include:
- use of receipts:
  - Receipts identify the date and time of dispatch, the dispatching officer's name and a unique identifying number. The Attorney‑General's Department recommends using receipts for transmission or transfer of all classified information.
  - Recording, or having a receipt system to document, every handover is another control mechanism (eg a two-part receipt placed in the inner envelope with the information means the addressee can keep one portion and sign and return the other to the sender).
- safe hand:
  - Safe hand means information is dispatched to the addressee in the care of an authorised person or succession of authorised people who are responsible for its carriage and safekeeping.
  - Sending information via safe hand establishes an audit trail that provides confirmation that the addressee received the information and helps to ensure the item is transferred in an authorised and secure facility or vehicle. To deter and detect any information tampering, at each handover, a receipt is obtained showing (at a minimum) the identification number, the time and date of the handover, and the name and signature of the recipient.
  - Sending information via safe hand requires:
    - a unique identification number; generally, this will be a receipt number
    - that information be in a security briefcase (see the SCEC-Security Equipment Guide on Briefcases for the carriage of security classified information) or an approved mailbag (for information, see the SCEC-approved security equipment evaluated product list)
    - that information never be left unattended (except when placed in the cargo compartment of an aircraft).
- carriage by SCEC-endorsed commercial courier:
  - A number of commercial courier services have been endorsed by SCEC. Contact ASIO-T4 by email firstname.lastname@example.org or see the ASIO-T4 Protective security circular (PSC) 172 (available on a need-to-know basis on Govdex) for advice on SCEC-endorsed commercial couriers.
  - Commercial couriers can be useful in transferring valuable material such as pharmaceuticals and money (note SCEC-endorsed couriers are not assessed for the transfer of these items). Special arrangements, such as armed escorts, may be necessary in certain circumstances.
  - Special handling requirements may apply to caveated information. This may preclude the use of a commercial courier when using certain caveats. For guidance on caveats, see the Caveats and accountable material section.
Transmission or transfer of official, but not sensitive, information is on a common sense basis; the PSPF does not impose transmission or transfer requirements for this information. However, entities are encouraged to ensure that information is transferred or transmitted by means which deter and detect compromise.
Table 7 sets out specific transmission and transfer protections for sensitive and classified information.
Table 7 Minimum protections for information transmission and transfer
How to use and store sensitive and security classified information
The Australian Government Information Management Standard requires that entities store information securely and preserve it in a usable condition for as long as required for business needs and community access. In accordance with the Information Management Standard, a secure and suitable storage environment is one that prevents unauthorised access, duplication, alteration, removal and destruction.
Ways that minimise duplication or alteration of information include:
- reproducing sensitive or security classified information only when necessary
- immediately destroying spare or spoilt copies (destruction is defined as 'normal administrative practice' in terms of the Archives Act and does not need specific permission from the National Archives of Australia). For guidance on destroying sensitive and security classified information, see Destroying sensitive and security classified information.
Securely storing sensitive and security classified official information protects the information from compromise. Requirement 6 mandates entities ensure sensitive and security classified information is stored securely in an appropriate security container for the approved zone. For guidance on physical security zones, see the PSPF policy: Entity facilities.
Minimum use and storage protections are set out in Table 8.
Table 8 Minimum use and storage protections for security classified information
How to dispose of sensitive and security classified information
Not all information and records are kept forever. Information is managed for as long as it has business value; some information will have long-term historical and social value. Requirement 7 mandates that entities dispose of sensitive and security classified information in a secure manner. The careless disposal of classified or sensitive information is a serious source of leakage of information and can undermine public confidence in the Australian Government.
Under the Archives Act information disposal includes:
- its destruction
- the transfer of its custody or ownership or
- damage or alteration.6
Information disposal includes the physical destruction of paper records; destruction of electronic records including deleting emails, documents or other data from business systems; the transfer of records to another entity as the result of machinery of government changes; and transfer to the National Archives of Australia.
Under Section 24 of the Archives Act information disposal can only take place when it is:
- approved by the National Archives of Australia
- required by another law or
- part of normal administrative practices that the National Archives of Australia does not disapprove.
For guidance, see the National Archives of Australia website, Disposing of information.
Destroying sensitive and security classified information
A variety of methods can be used for secure destruction of information in physical form.
Requirement 7 mandates that information is disposed of securely. This policy does not impose minimum security requirements for how destruction of OFFICIAL or OFFICIAL: Sensitive information is to occur.
ASIO-T4 approves specifications for equipment used to destroy security classified information. Commonly used destruction methods include:
- pulverising using hammermills
- disintegrating by cutting and reducing the waste particle size
- shredding using crosscut shredders (strip shredders are not approved for destruction of security classified information).
Methods for destroying digital information include:
- digital file shredding
- degaussing by demagnetising magnetic media to erase recorded data
- physical destruction of storage media through pulverisation, incineration or shredding (the ISM provides guidance on sanitisation and destruction of ICT equipment and storage media)
- reformatting, if it can be guaranteed that the process cannot be reversed.
Commercial providers may be used to destroy classified information. The Attorney‑General's Department recommends that entities review the appropriateness of a commercial provider's collection process, transport, facility, procedures and approved equipment when considering external destruction services. These considerations can be made against ASIO-T4 Criteria – agency-assessed and approved destruction service. Appropriate procedures include:
- ensuring classified information is attended at all times and the vehicle and storage areas are appropriately secured
- ensuring that destruction is performed immediately after the material has arrived at the premises
- ensuring that destruction of classified information is witnessed by an entity representative
- ensuring destruction service staff have a security clearance to the highest level of security classified information being transported and destroyed, or appropriately security cleared entity staff escort and witness the destruction.
A number of commercial providers hold National Association for Information Destruction AAA certification for destruction service (with endorsements as specified in PSC 167 External destruction of security classified information). These commercial providers are able to destroy security classified information.
The Attorney‑General's Department recommends information classified TOP SECRET or accountable material be destroyed within entity premises; the originating entity may request notification of destruction. The originator of some accountable material may apply special handling conditions that prevent information destruction being contracted out.
Table 9 summarises minimum handling protections for disposal of physical sensitive and security classified information. Table 10 summarises minimum protections for disposal of ICT media and equipment.
Table 9 Minimum handling protections for disposal of sensitive and security classified information
- Table 9 Minimum handling protections for disposal of sensitive and security classified information [PDF 130KB]
- Table 9 Minimum handling protections for disposal of sensitive and security classified information [DOCX 485KB]
Table 10 Minimum handling protections for disposal of ICT media and equipment
- Table 10 Minimum handling protections for disposal of ICT media and equipment [PDF 140KB]
- Table 10 Minimum handling protections for disposal of ICT media and equipment [DOCX 483KB]
Caveats and accountable material
Certain information may have a caveat in addition to a security classification. The caveat is a warning that the information has special protections in addition to those indicated by the security classification. Table 11 details caveats commonly used across government. There are four broad types of caveats:
- sensitive compartment information (codewords)
- foreign government markings
- special handling instructions
- releasability caveats.
Accountable material is information that requires the strictest control over its access and movement. Accountable material includes:
- TOP SECRET security classified information
- some types of caveated information, being:
  - all codeword information
  - select special handling instruction caveats, particularly CABINET material at any security classification
- any classified information designated as accountable material by the originator.
What constitutes accountable material may vary from entity to entity and could include budget papers, tender documents and sensitive ministerial briefing documents.
Requirement 8 states that caveated material must be clearly marked and handled in accordance with the originator and the caveat holder's special handling requirements. Caveats are not classifications and must appear with an appropriate security classification.
Requirement 4 requires the originator's approval to remove or change a security classification applied to information. To be consistent with Requirement 4, the prior agreement of the originating entity also needs to be obtained to remove a caveat.
Classification handling requirements apply in addition to any special caveat requirements. Additional information about handling caveats is available in the Sensitive Material Security Management Protocol and Security Caveats Guideline on a need-to-know basis on Govdex.
Table 11 Caveats
What to do in the case of an emergency, breach or security violation involving classified information assets
Exceptional situations or emergencies may arise that prevent application of this policy. The PSPF policy: Reporting on security requires entities to report details on measures taken to mitigate or otherwise manage identified security risks.
The PSPF policy: Reporting on security also mandates that affected entities are advised of any unmitigated security risks. In line with this, the Attorney‑General's Department recommends entities report:
- any compromise of classified information to the information's originator as soon as practicable
- matters relating to national security (such as compromise of SECRET or TOP SECRET information) to the Director-General, Australian Security Intelligence Organisation.
Any compromise of any classified information is considered a security incident. The PSPF policy: Management structure and responsibilities requires entities to investigate, respond to and report on security incidents.
Find out more
Other legislation and policies that may be relevant to the handling of official government information include:
- the Archives Act and supporting Commonwealth records management policies such as:
- Australian Signals Directorate's Information Security Manual
- the Office of the Australian Information Commissioner for the Privacy Act, Guides and APP guidelines.
Annex A. Historical classifications and sensitivity markings
There are a number of historical security classifications and other protective markings no longer reflected in Australian Government policy.
- In some cases, equivalencies have been established with current sensitive or classified information levels, though re-marking of existing information is not necessary.
- In others, classifications are being 'grandfathered' for a set time period, with historical handling protections to remain.
Annex A Table 1 Historical classifications and sensitivity markings
- Annex A Table 1 Historical classifications and sensitivity markings [PDF 95KB]
- Annex A Table 1 Historical classifications and sensitivity markings [DOCX 38KB]
Annex A Table 2 Handling CONFIDENTIAL classified information
- Annex A Table 2 Handling CONFIDENTIAL classified information [PDF 87KB]
- Annex A Table 2 Handling CONFIDENTIAL classified information [DOCX 43KB]
Annex B. Email Protective Marking Standard for the Australian Government
- Annex B Email protective marking standard [PDF 303KB]
- Annex B Email protective marking standard [DOCX 303KB]
1 For guidance on declassification, refer to section Sanitising, declassifying or reclassifying information.
2 Examples of OFFICIAL: Sensitive information may include:
- official information governed by legislation that restricts or prohibits its disclosure, imposes certain use and handling requirements, or restricts dissemination (such as information subject to legal professional privilege or some types of 'personal information', including 'sensitive information' under section 6 of the Privacy Act 1988 that may cause limited harm to an individual if disclosed or compromised). Where compromise of personal information, including sensitive information (under the Privacy Act), would lead to damage, serious damage or exceptionally grave damage, this information warrants classification. For example, financial details and tax file numbers are not sensitive information for the purposes of the Privacy Act, but their compromise may still lead to limited damage to individuals.
- commercial or economic data that, if compromised, would undermine an Australian organisation or company
- information that, if compromised, would impede development of government policies.
3 There are historical security classifications and other protective markings (eg CONFIDENTIAL classification) that no longer reflect Australian Government policy. For assistance in applying appropriate handling protections (and assessing damage to the national interest, organisations or individuals) to historical classifications, see Annex A.
4 For information on assurance processes related to sanitisation and administrative decisions regarding the release and disposal of information, equipment or waste, see the Information Security Manual.