Library and Archives Canada
Symbol of the Government of Canada

Institutional links

Government

Previous | Table of Contents | Next

8. Details of Individual Metadata Elements

8.41 Security Clearance

Attributes

Attribute

Value

Identifying Attributes

Name

securityClearance

Label

Security Clearance

Defined by

Government of Canada Records Management Metadata Standard - securityClearance

Element URI

[To be actioned by Treasury Board of Canada, Secretariat before publication]

Definitional Attributes

Definition

The level of security clearance held by an individual.

Purpose

To provide details about the security level of the individual who took an action on a specific record or file.

To support audit of records management processes.

To enhance the security and control of records by limiting access based on security levels of individuals.

Rationale

"The regulatory environment, in which the organization operates, establishes broad principles on access rights, conditions or restrictions that should be incorporated into the operation of records systems…Records may contain personal, commercial or operationally sensitive information. In some cases, access to the records, or information about them, should not be permitted…. Ensuring appropriate access controls is done by assigning access status to both records and individuals." ISO International Standard 15489-1, s. 9.7

"Managing the access process involves ensuring that:…
b) records are only released to those who are authorized to see them,
d) records processes and transactions are only undertaken by those authorized to perform them…" ISO International Standard 15489-1, s. 9.7

"Security metadata should …ensure that records can only be accessed by authorized personnel…" ISO Technical Specification 23081-1, s. 9.2.4.1

Value Domain

Enumerated strings of text representing security clearances.

Datatype Name

String

Constraint

Not applicable

Obligation

Mandatory

Relational Attributes

Encoding Scheme

Government Security Policy (GSP)

Linkages

Access Rights; Agent Individual Identifier; Agent Individual Name; Sensitivity

Conditions of Application - Record

Format

-

Modifiable

Pre Record Declared Locked

Pre Record Declared Locked

-

-

Occurrence

-

Conditions of Application - File

Format

-

Modifiable

-

Occurrence

-

Comments and Guidance

a) Explanation of Definition/Usage

This element defines the security level held by an individual, thereby determining the individual's right to perform an action on a record or file on a need-to-know basis.

This element has a different function than other elements in that it applies only to the individual, not to the file or record. In the above table, the constraint for these levels is "Not applicable". While this element is not applied to the record or file in any way, it is still important for the security and integrity of the record or file. The security level of the individual will be matched against the Sensitivity level of the record or file to determine the individual's right to perform an action on a record or file on a need-to-know basis.

b) Best Practices

This element will not play a part in determining access to internally sensitive records and files such as budgets, memos, etc. Institution-specific business rules and policies will determine which internally sensitive files an individual is allowed access to.

Recommended best practice is to select a value from the Government Security Policy. The list of available security levels is dictated by the Government Security Policy.

Just as with the Agent elements, the Security Clearance of an individual must be maintained for audit and evidentiary purposes and will therefore be part of the management and event history log.

It is up to the institution to determine how to implement the management and event history log. Each time an individual performs an action on a record or file, the Security Clearance of the individual may be written to the log of the record or file, or alternatively, only one element (e.g. Agent Individual Identifier) may be written to the log of the record or file yet permit linkage to a separate Security Clearance table within the database containing the Security Clearance of the individual. If this table is maintained in a way that results in a separate entry in the table for each change to an individual's security clearance, a "snapshot" of an agent's status can always be retrieved for evidentiary purposes.

In this scenario, when moving records and files out of the institution, the information about the individual's security clearance must be moved also in order to properly maintain the integrity of the management and event history log of the records and files.

An authorized official only may modify the value for this element in an individual's profile.

c) Obligation

This element is mandatory in order to ensure access is granted at the correct level.

d) Default Values/Auto-populate

The value will be auto-populated according to the profile of the person.

e) Linkages

This element is linked to the agent elements, Sensitivity and Access Rights. It is a combination of these three concepts that determines an individual's access to records.

f) Examples

  1. "Reliability"

  2. "Secret"

  3. "Top Secret"

Previous | Table of Contents | Next