Government of Canada Records Management Metadata Standard - encryptionDescription
[To be actioned by Treasury Board of Canada, Secretariat before publication]
Information or pointers to information, about how a record is systematically scrambled.
To enable decryption (and hence, access) if the record is stored in the EDRMS in an encrypted state.
To enable re-encryption if the record is stored in the EDRMS in a decrypted state, but needs to be moved to another EDRMS or location.
"The regulatory environment, in which the organization operates, establishes broad principles on access rights, conditions or restrictions that should be incorporated into the operation of records systems…Records may contain personal, commercial or operationally sensitive information. In some cases, access to the records, or information about them, should not be permitted….Ensuring appropriate access controls is done by assigning access status to both records and individuals." ISO International Standard 15489-1, s. 9.7
"Managing the access process involves ensuring that:
a) records are categorized according to their access status at a particular time,
b) records are only released to those who are authorized to see them,
c) encrypted records can be read as and when required and authorized,
d) records processes and transactions are only undertaken by those authorized to perform them, and
e) parts of the organization with responsibility for particular business functions specify access permissions to records relating to their area of responsibility." ISO International Standard 15489-1, s. 9.7
"Control measures such as access monitoring, user verification, authorized destruction and security should be implemented to prevent unauthorized access, destruction, alteration or removal of records." ISO International Standard 15489-1, s. 8.2.3
"Key elements of security metadata, such as basic access rights or restrictions, should be identified and applied at the point of record creation and capture in order to facilitate a record's ongoing preservation and management." ISO Technical Specification 23081-1, s. 220.127.116.11
Non-enumerated strings of text.
Applicable at record level only.
Optional at record level.
Conditions of Application - Record
Pre Record Declared Locked
Post Record Declared Locked
Yes, by authorized official only.
Conditions of Application - File
Comments and Guidance
a) Explanation of Definition/Usage
This element can be used either to record the encryption details themselves (if the EDRMS is considered sufficiently secure), or to record the location of the encryption details that are stored outside the EDRMS.
b) Best Practices
If encryption is used, details need to be recorded about the public and private keys, and the Certification Authority which has authorized, and which vouches for, the identity of the key holders. These details are required in order to restrict or enable access to the encrypted record.
It is recommended that information regarding private keys never be held within the EDRMS.
It is important for an institution to understand that encryption affects the information management lifecycle of a record, in that future use of the record will rely on the encryption key that is applied to that record. Further, transfer of the record may require decryption. Institutions are encouraged to create business rules to ensure procedures are in place to decrypt a record in a timely fashion.
Once an encrypted record is locked and the description supplied, the value of this element may be modified by an authorized official only. Such modification may be necessary, as stated above, to provide details about decrypting a record for transfer to Library and Archives Canada. Alternatively, in some cases, a locked non-encrypted record may need to be encrypted for transfer outside the GC; the details of the encryption would then have to be recorded in this element.
It is important to note that in the cases cited above, both the metadata record and the record itself are actually being modified.
This element is descriptive in nature and therefore is optional; it is not a core records management requirement.
The contents of this element will be unique to the situation; hence, it cannot be defaulted or auto-populated.
This element is intrinsically linked to the Encryption Status element.