This reference describes the four levels of security classifications that Alberta Gaming, Liquor and Cannabis (AGLC) applies to data and information. Classifying data and information is the first step in ensuring the confidentiality, integrity, trustworthiness, availability and protection of privacy of AGLC data and information. These standards are in alignment with the Government of Alberta (GoA) and the Government of Canada’s information security classification scheme.
Relation to Previous Classification Standard
Some data and information within AGLC may already have a security classification attached to it as a result of the previous Information Security Classification Standard used by AGLC and GoA. The table below maps the categories from the previous standard to the new standard.
Previous Classification Standard |
|
New Classification Standard |
Unrestricted |
→ |
Public (available to employees & public) |
Protected |
→ |
Protected A (available to employees and stakeholders on a need to know basis) |
Confidential |
→ |
Protected B (available only to specific functions, groups or roles) |
Restricted |
→ |
Protected C (available to specified positions only) |
Below are the four data and information security classification levels used to classify all data and information assets received, created, stored by or retained by AGLC.
Data & Information Security Classification Levels
Classification Level | Description | Example of Risk Impacts |
---|---|---|
Public |
Applies to information assets that will not result in injury to individuals, governments or to private sector institutions; and financial loss will be insignificant. |
|
Protected A |
Applies to information assets that, if compromised, could cause injury to an individual, organization or government. |
|
Protected B |
Applies to information assets that, if compromised, could cause serious injury to an individual organization or government. |
|
Protected C |
Applies to information assets that, if compromised, could cause extremely grave injury to an individual, organization or government. |
|
The above standards apply to all departments defined under schedule 11 section 14(1) of the Government Organization Act.
Storing & Access of Information
AGLC information assets are stored and controlled in a manner consistent with their classification.
Classification | Storing Print/Hard Media | Storing Digital Files | Access Restrictions |
---|---|---|---|
Public |
|
|
|
Protected A |
|
|
|
Protected B |
|
|
|
Protected C |
|
|
|
Responsibilities
AGLC employees are responsible for ensuring the security of data and information and data and information technology systems.