Library and Archives Canada
Symbol of the Government of Canada

Institutional links

Government

Previous | Table of Contents | Next

8. Details of Individual Metadata Elements

8.22 Encryption Status

Attributes

Attribute

Value

Identifying Attributes

Name

encryptionStatus

Label

Encryption Status

Defined by

Government of Canada Records Management Metadata Standard - encryptionStatus

Element URI

[To be actioned by Treasury Board of Canada, Secretariat before publication]

Definitional Attributes

Definition

An indicator that a record is systematically scrambled so that it cannot be read without knowing the coding key.

Purpose

To identify whether or not a record is encrypted.

Rationale

"The regulatory environment, in which the organization operates, establishes broad principles on access rights, conditions or restrictions that should be incorporated into the operation of records systems…Records may contain personal, commercial or operationally sensitive information. In some cases, access to the records, or information about them, should not be permitted….Ensuring appropriate access controls is done by assigning access status to both records and individuals." ISO International Standard 15489-1, s. 9.7

"Managing the access process involves ensuring that:
a) records are categorized according to their access status at a particular time,
b) records are only released to those who are authorized to see them,
c) encrypted records can be read as and when required and authorized,
d) records processes and transactions are only undertaken by those authorized to perform them, and
e) parts of the organization with responsibility for particular business functions specify access permissions to records relating to their area of responsibility." ISO International Standard 15489-1, s. 9.7

"Control measures such as access monitoring, user verification, authorized destruction and security should be implemented to prevent unauthorized access, destruction, alteration or removal of records." ISO International Standard 15489-1, s. 8.2.3

Value Domain

Yes/No or On/Off representations.

Datatype Name

Boolean

Constraint

Applicable at record level only.

Obligation

Optional at record level.

Relational Attributes

Encoding Scheme

-

References

-

Linkages

Encryption Description; Event Type; Sensitivity

Conditions of Application - Record

Format

Yes/No or On/Off representations.

Modifiable

Pre Record Declared Locked

Post Record Declared Locked

Yes

Yes, by authorized official only.

Occurrence

Not repeatable

Conditions of Application - File

Format

-

Modifiable

-

Occurrence

-

Comments and Guidance

a) Explanation of Definition/Usage

The purpose of this element is simply to identify whether or not a record is encrypted. It is not intended to identify how the record is encrypted or the security level of the encryption. Details of what constitute a reliable encryption will be determined by each institution.

b) Best Practices

Recommended best practice is to use a Boolean indicator (i.e. Yes/No or On/Off) to identify the presence of an encrypted record.

It is important for an institution to understand that encryption affects the information management lifecycle of a record, in that future use of the record will rely on the encryption key that is applied to that record. Further, transfer of the record may require decryption. Institutions are encouraged to create business rules to ensure procedures are in place to decrypt a record in a timely fashion.

Once an encrypted record is locked, the value of this element may be modified by an authorized official only. Such modification may be necessary, as stated above, to indicate that an encrypted record was decrypted for transfer to Library and Archives Canada. Alternatively, in some cases, a locked non-encrypted record may need to be encrypted for transfer outside the GC.

It is important to note that in the cases cited above, both the metadata record and the actual record itself are being modified.

c) Obligation

Encryption Status is generally handled by a document management system and is not a records management specific requirement; therefore, this element is optional.

d) Default Values/Auto-populate

Given that in most applications, this element is simply a flag; the default setting will indicate that the record is not encrypted.

e) Linkages

This element is intrinsically linked to the Encryption Description element. Institution-specific business rules may dictate that information of a certain sensitivity level be encrypted, hence a link to the element Sensitivity.

Encryption Status is linked to the element Event Type in cases where a change to the status of the record must be noted in the management and event history log.

f) Examples

  1. "Yes"

  2. "No"

  3. "On"

  4. "Off"

Previous | Table of Contents | Next