Information Technology Services (ITS) recently reviewed the Data Handling Procedure and Information Security Classification Procedure as part of our periodic review process, and we are seeking your feedback on the updated drafts.
- Information Security Classification Procedure – consultation draft
- Data Handling Procedure - consultation draft
Read about the key changes below.
The Information Security Classification Procedure defines criteria for classifying UQ information based on confidentiality. The updated procedure includes the following changes:
- Updated information on the security classifications – removed references to integrity and availability as this classification table is currently only based on confidentiality.
- Included information on defence and national security classifications (research).
- Minor updates to the classification descriptions.
- Updated classification names to align with Queensland’s classification framework and reduce confusion:
- Official Public – now Public, and
- Official Internal – now Official.
- Aligned definitions, roles and responsibilities with the framework and policy.
The Data Handling Procedure sets requirements for handling UQ data and information throughout its lifecycle, in accordance with its security classification. The updated procedure includes the following changes:
- Removed technical controls from the procedure which duplicated content from IT cyber security standards. This has significantly reduced the length of the document.
- The reworked procedure now focuses on controls and requirements for UQ staff more broadly. This includes focus on protecting personal information (better alignment with the Information Privacy Act), using UQ-approved IT services, data sharing agreements, and privacy impact assessments (PIAs).
- Referenced additional obligations that may arise from contracts and defence and national security research as well as other agreements.
- Updated guidance regarding PIAs and data sovereignty.
- Aligned definitions, roles and responsibilities with the framework and policy.
Please email any feedback or queries regarding the updated procedures to Data Strategy and Governance at datagovernance@uq.edu.au by Monday 9 October.
