Government security classifications e learning

Government Security Classifications
Welcome to this course on
Working with Security Classifications
This course teaches you
about the new Government
Security Classifications and
the importance of using
them correctly.

All of our information has value
and we need to look after it

Information has value
Information enables government to deliver services and protect our national interests. Just like buildings, people
or money, all information has value. Take a look at these examples.
Defence Equipment and Support
(DE&S) equip the UK’s armed forces,
but they would be unable to do this
without access to accurate and up-to-
date information
Military dogs provides valuable
capability to British patrols locating
improvised explosive devices and saving
many lives. The DE&S team scour the
globe, gathering information and
working with specialist companies to
provide trained dogs and put support
networks in place to ensure the welfare
of animals and handlers in difficult
conditions.
The Centre for Applied Science and
Technology (CAST) provides policy
makers with impartial and accurate
scientific and technical advice.
Information collected and analysed by
CAST has led to advances in
fingerprinting and forensics
technology, equipment to test drivers
for illicit drugs and new tools to aid
the policing of computer crimes such
as hacking and fraud – all providing
substantial benefits for UK law
enforcement.
The Child Maintenance Options
service has used key partnerships to
ensure that important information is
available to those that need it.
One such partnership was with the
popular parenting website Netmums,
where child maintenance and support
information was hosted directly on
the site. The impact of making this
information readily available was
significant. As estimated 35,000 more
children benefits in the first year
alone.

Looking after information is
your responsibility

How would you feel?
It is crucial to respect the information that we create or handle, as it can affect people in many ways. Look at the
example here.
I’m Dave. I
recently left some
paperwork lying
on my desk about
a disciplinary case
involving a
member of my
team.
I’m Victoria. I
heard about
Angela, it’s not
very nice what
other people in
the office are
saying about her
now.
I’m Angela. I hoped
no one would find
out about my
disciplinary. But the
other day I heard
people talking about
it. I’m really upset
and have spoken to
HR.
I feel really awful
that I left the
details about
Angel’s
disciplinary on my
desk. All of the
team know about
it and now HR
want to see me.
I’m Tom. I happened
to see some
documents on
Dave’s desk about
Angela. I wasn’t
looking for them
they were just lying
there for everyone
to see.
I’m Kate. Tom
told me about
Angela and I’m
really surprised
to hear that
about her.

Information and you
Think about the information you use. Which of the
following do you create or handle?
Whatever type of information you create or
handle, you are entrusted to look after it.
Information is your responsibility.
□ Information about members of the public
□ Information used by my organisation
□ Information about government policy
□ Information about public services or finances





Why we use security
classifications
Sometimes, information is sensitive or highly valuable
and needs to be handled with particular care. It’s then
important to tell this to anyone using the information.
The proper use of security classifications is essential
to good government, democracy and transparency.
If we are clear about what needs protecting, we can
be confident about sharing information responsibly
both within and outside government.

Think about how the way we work has changed
We need new ways of protecting information to
help us work securely and effectively today

Benefits
What do we need from the new security classifications?
We need a clearer, simpler system
that enables people to quickly and
with confidence decide how to
mark and protect sensitive
information. This will free up the
information we need to share so
that we can all collaborate
effectively and deliver high quality
public services.
Many of us are responsible for
looking after personal information.
This may belong to our colleagues
or members of the public. It is
critical that we are able to identify
this information so that it can be
protected appropriately.
The current system was originally
designed for paper documents.
While government still produces a
lot of paper, we could not work
without the computers that are
now available to us.
We need a simpler system that
allows us to get the most from
modern technology and suits are
new ways of working.
People expect the public sector to
work in an open and transparent
way. This means that we must be
able to show why we have made
decisions and also demonstrate that
we are spending public money
wisely.
It must be straightforward for us to
make this type of information
available to the public.
Simpler security classifications will
enable us to:
•Use cheaper and more modern IT
systems
•Allow us to identify different types
of information in a more intuitive
and meaningful way
•Make sure that sensitive
information receives the protection
it needs

So what will the new security
classifications look like?

OFFICIAL
The vast majority of public sector information and
routine government business will be OFFICIAL.
The classification OFFICIAL will cover most
information that is created, stored and processed by
the public sector. OFFICIAL information allows us to
deliver public services, work with foreign
governments and support the economy.

Information about
running public sector
organisations such as
corporate services and
administration.
Some examples of OFFICIAL information
Personal information
about members of the
public and people
working in the public
sector.
Commercial information
such as contracts and
procurement
documentation.
Information relating to
government policy.
Information about law
enforcement and policy
investigations.
Information about
international relations.

Identifying OFFICIAL
information
Not all OFFICIAL information that we work with will
be marked, but we must treat it all with care.
There is a small amount of OFFICIAL information
which is of a particularly sensitive nature. This
includes any information that is the event of loss or
inappropriate access could lead to damaging
consequences or distress. It is vital that this
information is identified so that others know when
to take extra care when handling it.
Sensitive OFFICIAL Information must always be
clearly marked as:
OFFICIAL – SENSITIVE
Your organisation or line manager will be able to
help you to understand where you need to use this
classification, but it is your responsibility to use it
correctly.

Loss or compromise of SECRET
information could directly threaten
the life of an individual, cause
serious harm to this effectiveness of
military operations or damage our
relations with foreign governments.
SECRET information must always be
clearly marked.
Highly sensitive defence
information relating to ongoing
operations and sensitive military
capabilities.
Highly sensitive diplomatic
information.
High sensitive information relating
to the investigation and prosecution
of serious organised crime.
SECRET
Very sensitive information which requires a high level of protection and care.

TOP SECRET
The most sensitive information that government
holds.
Compromise of TOP SECRET information could
directly threaten the national security of the UK,
cause long-term damage to our economy or lead to
widespread loss of life.
TOP SECRET information must always be clearly
marked.

It is vital that security classifications
are used correctly and clearly

More detail can be found in these leaflets
Please read this guidance carefully and speak to
your line manager if you have any questions

Scenario 1 – Getting it right
Take a look at why it is important to use security classifications.
John’s team is responsible for
conducting a survey of the public in
the local area. The data his team
collects is anonymous and does not
contain any sensitive information.
It is treated as OFFICIAL.
John’s team shares the survey data
with a research team in another
part of his organisation. Sarah
manages the research team. They
will use the survey data to create
information that will feed into
policy and decision making.
Sarah’s team collates the survey
data with information that had
been previously collected. The
resulting documents now contain a
great deal of information about
people in the local community,
including details about residents
that are vulnerable or from at-risk
groups.
Sarah decides that this data now
needs to be clearly identified so
that people using it will take extra
care. She tells her team to mark it
OFFICIAL – SENSITIVE.
Karen in Sarah’s manager. She’s
pleased that Sarah has taken
responsibility for marking the
information as OFFICIAL –
SENSITIVE.
If the information had been lost or
accidentally made available, it could
have caused distress to many
people. The reputational damage
would severely disrupt the ability of
the organisation to carry out vital
work in the future.

Consider the outcomes
It’s important to take responsibility for the information that you create or handle, as it can affect people in many
ways. Look at the example here.
I’m John. My team did
the right thing by not
using the OFFICIAL –
SENSITIVE
classification because,
at that stage, the
survey data was not
sensitive and di not
require it.
I’m Karen. If this research
data became available it
would have had a big
impact on the reputation
of the organisation.
I’m Gavin, the Head of the
Department. As the information
now has the correct security
classification it can be used to
help further research and to
develop policy, but will only be
accessed by those who need to
see it.
I’m Sarah. When the survey
data was combined with
existing data, I noticed it
became particularly sensitive.
It was important that my
team used the correct security
classifications so that this
information would be
properly handled and
protected.

Scenario 2 – Getting it wrong
What can happen if security classifications are not used correctly? Take a look at this example.
Andy circulates the minutes of a
meeting to the attendees, including
those that weren’t able to attend.
He fails to add a security
classification to the document or to
the covering email.
Dhruv couldn’t come to the meeting
but is sent the email and minutes.
Without first reading it himself, he
forwards it to everyone in his team.
Unfortunately, some of the
information is about a restructuring
that affects Dhruv’s team. People
are angry and upset that they heard
about it this way.
Dhruv’s team forward the email to
friends and colleagues. Soon there
are multiple copies of this email
across and outside the organisation.

Consider the consequences
I’m Dhruv. This is a real
mess. I should have read
the minutes before
sending it on but I was
busy and I like to keep my
team in the loop. There
was nothing to indicate
that the contents were
sensitive.
It’s me again, Dhruv. This
is going to take a long
time to sort out. My
team’s confidence in the
organisation has been
damaged. That makes it
much more difficult to
work effectively.
I’m Alice, the CEO.
The redundancy
rumours are ongoing
– not least because
the email has been
sent on to so many
people.. We are a
good employer but
this incident has led
to a general lack of
trust from our staff.
I’m Ingrid, one of
Dhruv’s team
members. I’m
furious about the
redundancies I’ve
heard about and so
are my colleagues.
I’m Andy Everyone thinks there
are redundancies looming, but
that just isn’t the case. Dhruv
should have explained this
properly to his team. I guess
that if I’d used the right security
classification on the email, then
Dhruv would have understood
the need to handle the contexts
with particular care.

It is your responsibility to mark information correctly
Check your organisation’s policies
If in doubt, ask

Summary
Let’s recap the key points:
•All information that we collect, store and work with
has value and should be cared for
•Everyone who works within government and the
public sector has a responsibility to safeguard
information
•Access to sensitive information should only be
provided to those that need it
•Most OFFICIAL information will be unmarked but
OFFICIAL – SENSITIVE information should always be
clearly marked
•Using security classifications properly is your
responsibility

Government security classifications e learning

More Related Content

Viewers also liked

Similar to Government security classifications e learning

Recently uploaded

Government security classifications e learning