Government of Canada Records Management Metadata Standard - sensitivity
[To be actioned by Treasury Board of Canada, Secretariat before publication]
The highest security classification or designation assigned within a record or file.
To enable records or files with access sensitivities to be appropriately identified, managed and handled.
To prevent the unauthorized disclosure of sensitive information.
To prevent unauthorized access to records or files.
"The regulatory environment, in which the organization operates, establishes broad principles on access rights, conditions or restrictions that should be incorporated into the operation of records systems…Records may contain personal, commercial or operationally sensitive information. In some cases, access to the records, or information about them, should not be permitted…. Ensuring appropriate access controls is done by assigning access status to both records and individuals." ISO International Standard 15489-1, s. 9.7
"Managing the access process involves ensuring that:
a) records are categorized according to their access status at a particular time,
b) records are only released to those who are authorized to see them,
c) encrypted records can be read as and when required and authorized,
d) records processes and transactions are only undertaken by those authorized to perform them, and
e) parts of the organization with responsibility for particular business functions specify access permissions to records relating to their area of responsibility." ISO International Standard 15489-1, s. 9.7
"Control measures such as access monitoring, user verification, authorized destruction and security should be implemented to prevent unauthorized access, destruction, alteration or removal of records." ISO International Standard 15489-1, s. 8.2.3
"Key elements of security metadata, such as basic access rights or restrictions, should be identified and applied at the point of record creation and capture in order to facilitate a record's ongoing preservation and management." ISO Technical Specification 23081-1, s. 184.108.40.206
"Access to records should only be restricted when there is a business need or when the law requires it. Security metadata should be monitored and updated to ensure the ongoing applicability of all identified restrictions…Security metadata need to be maintained and kept current throughout a record's existence." ISO Technical Specification 23081-1, s. 220.127.116.11
Enumerated strings of text representing security classifications.
Applicable at record level and file level.
Mandatory at record level; mandatory at file level.
Government Security Policy (GSP)
Access Rights; Event Type; Location; Releasable To; Security Clearance
Conditions of Application - Record
Text, based on encoding scheme.
Pre Record Declared Locked
Post Record Declared Locked
Yes, by authorized official only
Conditions of Application - File
Text, based on encoding scheme.
Yes, by authorized official only.
Comments and Guidance
a) Explanation of Definition/Usage
This element is used to identify the security level of the record or file.
b) Best Practices
Institutions managing classified or protected materials are required to ensure that the materials are given the appropriate levels of protection to prevent their unauthorized disclosure and subsequent damage to national or non-national security interests.
The Government of Canada Security Policy obligates institutions to identify information and other assets when their unauthorized disclosure, with reference to specific provisions of the Access to Information Act and the Privacy Act, could reasonably be expected to cause injury to:
The change of Sensitivity will have a direct impact on the element Releasable To and therefore, institutions will require business rules to ensure that these two elements remain in sync. Only an authorized official may change the value of this element for a file or for a record once it has been locked. Such changes would accommodate the security reclassification of the record or file. In some cases, this may result in the modification of the record content as well as the metadata record.
This element is mandatory to ensure that sensitive records are controlled properly.
d) Default Values/Auto-populate
The default value for this element could be set to "Unclassified". The default value can be changed and set by the institution according to the security domain within which it operates. The default value should be used with caution.
This element is linked to the agent elements, Security Clearance and Access Rights. It is a combination of these three concepts that determines an individual's access to records. This element is also linked to Location because sensitive information requires explicit location information. It is also linked to Releasable To because the sensitivity of the record will have an impact on who can see it.
Finally, Sensitivity is linked to the element Event Type in cases where a change to the status of the record or file must be noted in the management and event history log.