Definitions
Accountable material: In the Guidelines the term accountable material means particularly sensitive information requiring strict access and movement control. Such items are recorded in a central register in each holding organisation.
Investigative agency:
The Privacy and Personal Information Protection Act 1998 No 133 defines an investigative agency as:
a. meaning any of the following:
- Ombudsman’s Office
- Independent Commission Against Corruption
- Inspector of the Independent Commission Against Corruption
- Law Enforcement Conduct Commission
- Inspector of the Law Enforcement Conduct Commission and any staff of the Inspector
- Health Care Complaints Commission
- Office of the Legal Services Commissioner
- Ageing and Disability Commissioner
- Children’s Guardian
- a person or body prescribed by the regulations for the purposes of this definition.
b. any other public sector agency with investigative functions if:
- those functions are exercisable under the authority of an Act or statutory rule (or where that authority is necessarily implied or reasonably contemplated under an Act or statutory rule)
- the exercise of those functions may result in the agency taking or instituting disciplinary, criminal or other formal action or proceedings against a person or body under investigation.
c. a public sector agency conducting an investigation on behalf of an agency referred to in paragraph (a) or (b).
Law enforcement agency means:
a. the NSW Police Force or the police force of another state or territory or of an overseas jurisdiction
b. the Australian Federal Police
c. the New South Wales Crime Commission
d. the Australian Criminal Intelligence Commission
e. any other authority or person responsible for the investigation or prosecution of offences against the laws of the state or of the Commonwealth, another state or territory or an overseas jurisdiction.
Need-to-know: The term need-to-know means that access to information should be limited to those who need to know or use it. It is applied at the level of specific individuals and applies to all types of sensitive information. Agencies should take all reasonable and appropriate precautions to ensure that only people with a proven need to know gain access to sensitive and security classified information. People are not entitled to access information merely because it would be convenient for them to know or because of their status, position, rank or level of authorised access.
Originator: The person or agency responsible for generating, preparing or actioning information is called the Originator.
Safe hand: Carriage of protectively marked information by safe hand means it is despatched to the addressee in the care of an authorised officer or succession of authorised officers who are responsible for its carriage and safekeeping (see the Protective Security Policy Framework for guidance).
Security zones: The 16 Entity facilities policy describes a consistent and structured approach to be applied to building construction, security zoning and physical security control measures of entity facilities. This ensures the protection of Australian Government people, information and physical assets secured by those facilities.
When designing or modifying facilities, entities must:
• secure and control access to facilities to meet the highest risk level to entity resources
• define restricted access areas as detailed below.
Zone Name | Zone Definition |
Zone 1 | Public access. |
Zone 2 | Restricted public access. Unrestricted access for authorised personnel. May use single factor authentication for access control. |
Zone 3 | No public access. Visitor access only for visitors with a need to know and with close escort. Restricted access for authorised personnel. Single factor authentication for access control. |
Zone 4 | No public access. Visitor access only for visitors with a need to know and with close escort. Restricted access for authorised personnel with appropriate security clearance. Single factor authentication for access control. |
Zone 5 | No public access. Visitor access only for visitors with a need to know and with close escort. Restricted access for authorised personnel with appropriate security clearance. Dual factor authentication for access control. |
Acronyms
BIL: Business impact levels tool – this tool can be used to assess the potential damage to the national interest, government, organisations or individuals, of unauthorised release of information.
Cth: Commonwealth – referring to the Commonwealth Constitution.
DLM: Dissemination limiting marker.
eCabinet: This is the name of the information management system managed by the NSW Department of Premier and Cabinet.
IMM: Information management markers.
MOU: Memorandum of understanding.
PSPF: Protective Security Policy Framework. This framework was developed by the Australian Government Attorney-General’s Department and consists of a number of policy documents which describe the governance, information, personnel and physical requirements to protect people, information and assets, at home and overseas.
Last updated 18 Jul 2024