Business Impact Level App
Disclaimer: The Commonwealth Protective Security Policy Framework (PSPF) has recently issued a policy update recognising OFFICIAL: Sensitive as a security classification. As OVIC aligns with the protective marking scheme of the PSPF, OVIC will be updating its guidance material and associated resources (BIL app, etc.) in due course to reflect these changes.
The change does not:
- trigger changes to the Commonwealth Email Protective Marking System (EPMS)and OVIC’s Technical Specification for Email Protective Markings, as OFFICIAL: Sensitive is already treated as a security classification within these documents
- change the access to information security clearance requirements for OFFICIAL: Sensitive, as employment screening for entity personnel remains sufficient
- change minimum protections and handling requirements for OFFICIAL: Sensitive detailed in Annexes A-C of PSPF policy 8, and
- require changes to the Australian Government Security Caveat Guidelines, as caveats that allow use with OFFICIAL: Sensitive are already indicated.
Business Impact Levels (BIL) are used to determine the security value of public sector information. BILs describe the potential harm or damage to government operations, organisations or individuals if there were a compromise to the confidentiality, integrity or availability of public sector information.
What does the BIL app do?
- Presents the VPDSF BIL table in a digital, sequenced format;
- Helps users conduct an information security value assessment; and
- Allows users to send themselves a copy of the assessment results.
How does it work?
The app helps users conduct an information security value assessment process by stepping through each of the impact categories presented in the BIL table. Under each impact category users need to consider the potential impact across five severity levels, if the –
- Confidentiality (C);
- Integrity (I); or
- Availability (A) of public sector information were compromised.
The outcome of this assessment determines:
- if the information requires a protective marking and what that marking is; and
- whether any additional security measures are required to further protect the information, beyond those established by the protective marking.
Users who conduct an information security value assessment using the app, will also be presented with an option to email themselves a copy of the assessment results.
Where can I download the BIL app?
Who do I contact if I need help with the app?
Contact OVIC’s Information Security Unit at firstname.lastname@example.org.