Security in the Government Sector
Protect - Detect - React
www.security.govt.nz

Within this section:
Classified Material
Annex A - Management of Material Classified as IN CONFIDENCE
Annex B - Management of Material Classified as SENSITIVE
Annex C - Management of Material Classified as RESTRICTED
Annex D - Management of Material Classified as CONFIDENTIAL
Annex E - Management of Material Classified as SECRET
Annex F - Management of Material Classified as TOP SECRET
Annex G - Endorsements that may be Applied with any Security Classification

Chapter 3: Information Classification

Classified Material

1. For this manual, "classified material" means:

classified information in hard copy
classified information in electronic form
classified equipment.

Inventory of Classified Material

2. Compiling an inventory of classified information and equipment is an important part of risk management. The level of protection required is determined by the importance of the material in the inventory.

3. Generally, the value of material matches its security classification. However, some material without a security classification may have value in terms of time, cost or effort in replacing if lost or corrupted.

Classification Guidelines

General

4. "Official information" is any information developed, received or collected by or on behalf of the Government. As a valuable official resource, official information must be:

handled carefully, according to authorised procedures
made available only to people who have a legitimate "need to know", to fulfil their official duties
released only in accordance with the policies, legislative requirements and directives of the Government and the courts.

Official Information Act

5. The system of classification for the protection of official information is based on:

the Official Information Act 1982
the principle that official information should be made available to the public unless there are good reasons to withhold it.

6. Classifications alone do not justify withholding official information. All requests for information, regardless of classification, must be considered using the criteria in the Official Information Act 1982.

7. Information that does not need to be classified is referred to as "unclassified".

8. Generally, staff must not disclose or make use of information unless authorised by:

the Official Information Act 1982, for official information
the Privacy Act 1990, for personal information.

Purpose of Classification

9. A security classification specifies how people must protect the information and equipment that they handle. The classification system limits access to that information and equipment through a series of procedural and/or physical barriers.

10. In general, information to be protected is either:

"Policy and Privacy" information, for which compromise does not threaten the security of the nation, but rather the security or interests of individuals, groups, commercial entities, government business and the community.
"National Security" information, for which compromise could affect the security or defence of New Zealand or the international relations of the Government of New Zealand.

11. Other, unclassified official information may still need protection and management. For example, information hosted on government websites especially needs protection and management to assure authenticity and prevent tampering.

Security Classifications

12. The security classification system for government organisations follows the Cabinet decision of December 2000 [ CAB(00) M42/4G(4)] . The guidelines are not prescriptive - they are to help classify material, based on risk assessment of how much damage or prejudice would result from compromising specific content. For more information on risk assessment as part of security risk management, see the NZSIS Protective Security Manual.

Policy and Privacy Information

13. Security classifications for material that needs to be protected because of public interest or personal privacy are:

IN CONFIDENCE (see Annex A to this Chapter)
SENSITIVE (see Annex B to this Chapter).

National Security Information

14. Security classifications for material that needs to be protected because of national security are:

RESTRICTED (see Annex C to this Chapter)
CONFIDENTIAL (see Annex D to this Chapter)
SECRET (see Annex E to this Chapter)
TOP SECRET (see Annex F to this Chapter).

Endorsement Markings

15. Endorsement markings may be used along with security classifications to identify protected information. Endorsement markings may indicate:

the specific nature of information
temporary sensitivities
limitations on availability
how recipients should handle or disclose information.

16. Use endorsement markings only when there is a clear need for special care. For a list of standard endorsements and their meanings, see Annex G to this Chapter.

Authority to Classify

17. Chief Executives and heads of government departments and agencies, State Owned Enterprises and Crown Entities are vested with the authority to classify material using the approved classifications.

18. Chief Executives and heads may delegate authority to classify to senior staff, but sparingly. In particular, only appropriate senior staff should be given authority to classify material SECRET or TOP SECRET. It is important to avoid unwarranted application of these classifications by less experienced staff.

Importance of Correct Classification

19. Selecting the most appropriate classification is critical because:

under-classifying can have the direct and obvious consequences of inadequately protected material
over-classifying can mean unnecessary, expensive protection for material and loss of properly classified material among improperly classified material.

20. Over-classifying may stem from:

genuine doubt about the classification prescriptions
personal uncertainty
a tendency to play safe.

Guidance to Staff

21. The most effective measure to prevent over-classification is issuing detailed guidance on the correct use of classifications.

22. Each organisation should supplement the standard definitions with up-to-date examples of the correct and incorrect use of classifications, drawn from its own field of activity. The definitions of the security classifications together with the examples should be given to all staff who classify information.

23. Security training should stress the importance of selecting the most appropriate classification. Staff should be reminded that the likely damage caused by unauthorised disclosure is included in the definition of a classification.

Measures to Reduce Over-Classification

24. Where appropriate and practical, organisations should:

encourage staff to challenge questionable classifications
have line managers check classifications routinely
in security instructions, clearly define how the Chief Executive or head delegates authority for classification
in complex documents such as books, reports, memoranda or minutes of meetings, separately classify each chapter, section, page or paragraph; this can be indicated by inserting the appropriate classification in parentheses immediately following the section or paragraph number or in the sideline if unnumbered
avoid rules for automatic classification, as they can result in documents bearing classifications higher than warranted.

Classification of Committee Papers

25. The following general principles apply to the classification of committee papers:

classification of papers is the responsibility of the chairperson
each item of the minutes and each paper should be classified according to their contents.

Classifications Originating Overseas

26. The New Zealand Government has international obligations and statutory responsibilities to maintain the security of classified material received from allies, friendly nations and international organisations. Material must be classified at a level not less than that in force in the country or organisation of origin.

27. To help identify overseas information when the source is not obvious on the document, the recipient should annotate the document with the country of origin.

28. When using classified information from another country or an international organisation to create new information, safeguard it to a level equal to or greater than that applied by the originator. To ensure appropriate protection, annotate such documents to show that they contain classified information originating from external sources.

Classifications Originating Outside the Organisation

29. Upon receiving classified information from another organisation within New Zealand, safeguard it to a level equal to or greater than that applied by the originator.

Downgrading Classifications

30. Organisations should institute systems of review for downgrading classified material. This especially applies to material in current use. The security instructions for material should include details about downgrading.

31. Adopt the following broad principles:

concentrate on recent documents, which may be still current
after use, return material classified SECRET or TOP SECRET to the point of origin
for authority to downgrade or declassify, refer material classified SECRET or TOP SECRET to the point of origin
destroy or declassify surplus classified material.

32. Before deciding to declassify any documents, media or equipment, assess the risk of disclosure.

33. Consider the following steps:

automatically downgrade information that becomes generally known after an event such as operations, moves, conferences, constitutional changes or visits
review accumulated material for downgrade, or destroy surplus material that is not required for records, after an operation or sequence of events
review files, media and contents for regrading when they are taken out of or brought back into current use
review accountable documents for regrading when they are mustered for periodical checks
review technical or scientific reports for regrading when they are over five years old, or some other specified period.

Annex A-Management of Material Classified as IN-CONFIDENCE

IN CONFIDENCE	Compromise of information would be likely to prejudice the maintenance of law and order, impede the effective conduct of government in New Zealand or affect adversely the privacy of its citizens.
Guidelines:	Prejudice the maintenance of law, including the prevention, investigation and detection of offences, and the right to a fair trial. Affect adversely the privacy of natural persons, including that of deceased natural persons. Disclose a trade secret or unreasonably to prejudice the commercial position of the person who supplied or is the subject of the information. Disclose information which is subject to an obligation of confidence or which any person has been or could be compelled to provide under the authority of any enactment, where the making available of the information would be likely to prejudice the supply of similar information, or information from the same source, and it is in the public interest that such information should continue to be supplied; or be likely otherwise to damage the public interest. Prejudice measures protecting the health or safety of members of the public. Prejudice the substantial economic interests of New Zealand. Prejudice measures that prevent or mitigate material loss to members of the public. Breach the constitutional conventions for the time being which protect: the confidentiality of communications by or with the Sovereign or Her representative; collective and individual ministerial responsibility; the political neutrality of officials; and the confidentiality of advice tendered by ministers of the Crown and officials. Impede the effective conduct of public affairs through: the free and frank expression of opinion by or between or to Ministers of the Crown or officers and employees of any department or organisation in the course of their duty; the protection of such Ministers, officers and employees from improper pressure or harassment. Breach legal professional privilege. Impede a Minister of the Crown or any Department or organisation holding the information to carry out, without prejudice or disadvantage, commercial activities. Lead to the disclosure or use of official information for improper gain or advantage.
Principles and Clearance Levels	Information for official use, with consideration of "need to know" principle. Note: Information held internally by an organisation that is classified IN CONFIDENCE might not always be labelled as such. It should be so marked, however, whenever it is passed outside the organisation to ensure that it is afforded appropriate protection.
Electronic Transmission	An appropriate statement should accompany all IN CONFIDENCE information transmitted via e-mail or fax. It should outline legal responsibilities and notification/destruction instructions if the incorrect party receives it. IN CONFIDENCE data can be transmitted across external or public networks but the level of information contained should be assessed before using clear text. Username/Password access control and/or encryption may be advisable (with the aim of maintaining public confidence in public agencies). All IN CONFIDENCE information (including data) should clearly identify the originating government agency and date.
Electronic Storage	Electronic files (including databases) should be protected against illicit internal use or intrusion by external parties through two or more of the following mechanisms: user challenge and authentication (username/password or digital ID/Certificate) logging use at level of individual firewalls and intrusion-detection systems and procedures; server authentication OS-specific/application-specific security measures.
Electronic Disposal	Electronic files should be disposed of in a way that makes reconstruction highly unlikely.
Manual Transmission	May be carried by ordinary postal service or commercial courier firm as well as mail delivery staff in a single closed envelope [Where there is a concern that the envelope may be opened by a person not authorised to access the material, for example in a registry, it may be prudent to double envelope the material with the inner envelope addressed to an individual by name and title and indicating that it contains material with an IN CONFIDENCE classification.]. The envelope must clearly show a return address in case delivery is unsuccessful. In some cases involving privacy concerns, identifying the originating department may be inappropriate and a return PO Box alone should be used.
Manual Storage	IN CONFIDENCE information can be secured using the normal building security and door-swipe card systems that aim simply to keep the public out of administrative areas of government departments.
Manual Disposal	Disposed of by departmental arrangements.

Annex B-Management of Material Classified as SENSITIVE

SENSITIVE	Compromise of information would be likely to damage the interests of New Zealand or endanger the safety of its citizens.
Guidelines:	Endanger the safety of any person. Damage seriously the economy of New Zealand by disclosing prematurely decisions to change or continue Government economic or financial policies relating to: exchange rates or the control of overseas exchange transactions the regulation of banking or credit taxation the stability, control, and adjustment of prices of goods and services, rents and other costs, and rates of wages, salaries and other incomes the borrowing of money by the Government of New Zealand the entering into of overseas trade agreements. Impede a Minister of the Crown or a department organisation holding the information to carry on without prejudice or disadvantage, negotiations (including commercial and industrial negotiations).
Principles and Clearance Levels	Information classified as SENSITIVE should be held, processed, transmitted and destroyed with discretion to make compromise highly unlikely. Only staff cleared by the department to access SENSITIVE level or above are authorised to handle the information. This includes all staff involved with transmission, storage and disposal.
Electronic Transmission	All SENSITIVE information transmitted across public networks within New Zealand or across any networks overseas must by encrypted using a system approved by the GCSB.
Electronic Storage	Electronic files (including databases) must be protected against illicit internal use or intrusion by external parties through a judicious selection of two or more of the following mechanisms: user challenge and authentication (username/password or digital ID/Certificate) logging use at level of individual firewalls and intrusion-detection systems and procedures; server authentication OS-specific/application-specific security measures.
Electronic Disposal	Electronic files should be disposed of in a way that makes reconstruction highly unlikely.
Manual Transmission	Within a single physical location. As determined by the Chief Executive or Head of the organisation. Transfer between establishments within or outside New Zealand. May be carried by ordinary postal service or commercial courier firms, provided the envelope/package is closed and the word SENSITIVE is not visible. The outer envelope should be addressed to an individual by name and title. SENSITIVE mail for/from overseas posts should be carried by diplomatic airfreight through MFAT. The outer envelope must clearly show a return address in case delivery is unsuccessful. In some cases due to the nature of the contents, identifying the originating department may be inappropriate and a return PO Box alone should be used.
Manual Storage	In an office environment, SENSITIVE material should be held in a lockable storage area or cabinet. In a storage facility, all material should be protected through controlled access to the storage areas, and through a secure physical environment.
Manual Disposal	Disposed of or destroyed in a way that makes reconstruction highly unlikely.

Annex C-Management of Material Classified as RESTRICTED

RESTRICTED	Compromise of information would be likely to affect the national interests in an adverse manner.
Guidelines:	Affect diplomatic relations adversely. Hinder the operational effectiveness or security of New Zealand or friendly forces. Affect the internal stability or economic well-being of New Zealand or friendly countries adversely.
Principles and Clearance Levels	Information classified as RESTRICTED should be held, processed, transmitted and destroyed with discretion to make compromise highly unlikely. Only staff cleared by the department to access RESTRICTED level or above is authorised to handle the information. This includes all staff involved with transmission, storage and disposal.
Electronic Transmission	All RESTRICTED information transmitted across public networks within New Zealand or across any networks overseas must be encrypted using a system approved by the GCSB.
Electronic Storage	Electronic files (including databases) must be protected against illicit internal use or intrusion by external parties through a judicious selection of two or more of the following mechanisms: user challenge and authentication (username/password or digital ID/Certificate) logging use at level of individual firewalls and intrusion-detection systems and procedures; server authentication OS-specific/application-specific security measures.
Electronic Disposal	Electronic files should be disposed of in a way that makes reconstruction highly unlikely.
Manual Transmission	Within a single physical location. As determined by the Chief Executive or Head of the organisation. Transfer between establishments within or outside New Zealand. May be carried by ordinary postal service or commercial courier firms, provided the envelope/package [Where there is a concern that the envelope may be opened by a person not authorised to access the material, for example in a registry, it may be prudent to double envelope the material with the inner envelope addressed to an individual by name and title and indicating that it contains material with a SENSITIVE classification.] is closed and the word RESTRICTED is not visible. The outer envelope should be addressed to an individual by name and title. RESTRICTED mail for/from overseas posts should be carried by diplomatic airfreight via MFAT. The outer envelope must clearly show a return address in case delivery is unsuccessful. In some cases due to the nature of the contents, identifying the originating department may be inappropriate and a return PO Box alone should be used.
Manual Storage	In an office environment, RESTRICTED material should be held in a lockable storage area or cabinet. In a storage facility, all material should be protected through controlled access to the storage areas, and through a secure physical environment.
Manual Disposal	Disposed of or destroyed in a way that makes reconstruction highly unlikely.

Annex D-Management of Material Classified as CONFIDENTIAL

CONFIDENTIAL	Compromise of information would damage national interests in a significant manner.
Guidelines:	Materially damage diplomatic relations (ie cause formal protest or other sanctions). Cause damage to the operational effectiveness or security of New Zealand or friendly forces or to the continuing effectiveness of valuable security or intelligence operations. Damage the internal stability of New Zealand or friendly countries. Disrupt significant national infrastructure.
Principles and Clearance Levels	Information classified as CONFIDENTIAL must be held, processed, transmitted and destroyed with levels of security commensurate with the significant damage to national interest that compromise would incur. Only staff cleared by the department for CONFIDENTIAL access or above is authorised to handle the information. This includes all staff involved with transmission, storage and disposal.
Electronic Transmission	All CONFIDENTIAL information transmitted across any networks within New Zealand or overseas must be encrypted using a system approved by the GCSB.
Electronic Storage	Electronic files (including databases) must be protected against illicit internal use or intrusion by external parties through a judicious selection of two or more of the following mechanisms: user challenge and authentication (username/password or digital ID/Certificate) logging use at level of individual firewalls and intrusion-detection systems and procedures; server authentication OS-specific/application-specific security measures
Electronic Disposal	Media that has held CONFIDENTIAL information must be declassified by degaussing, overwriting or destroying iaw GCSB guidelines contained in NZSIT 207.
Manual Transmission	Within a single physical location. Single opaque envelope that indicates the classification, with a receipt at the discretion of the originator, and either: despatched through a department's own transit system; or distributed within a building or part of a building that has been declared a specially protected area; otherwise must be double enveloped and sealed with approved seals in accordance with Chapter 4 paragraph 104 and carried by authorised messengers. Transfer between establishments within New Zealand. CONFIDENTIAL material should be double enveloped and sealed with approved seals in accordance with Chapter 4 paragraph 104 and: carried by an authorised messenger or safe-hand courier with "By Hand" stamped on the outer envelope; or where no authorised messenger or safe-hand courier service exists CONFIDENTIAL material may be sent by registered post . In this case, receipts must be obtained. Transfer between establishments outside New Zealand. CONFIDENTIAL material must be double enveloped with "By Hand" stamped on the outer envelope and sealed with approved seals in accordance with Chapter 4 paragraph 104 with a receipt form included inside the inner envelope and: carried by the Diplomatic safe-hand bag service operated by MFAT to or between posts; or where no safe-hand courier service exists material may be sent by registered post within Australia, Canada and the United States of America between New Zealand posts situated in respective countries; or in exceptional circumstances CONFIDENTIAL material may be transmitted by registered mail between New Zealand diplomatic posts or other New Zealand agencies situated in the United Kingdom, Canada, Australia and the United States of America, or by Diplomatic air freight bag between MFAT and New Zealand official missions in Niue and Tarawa. For further advice contact NZSIS. COMSEC material. To be handled in accordance with procedures advised by GCSB from time to time.
Manual Storage	Must be locked in an approved security container when not in use. See Chapter 7 paragraph 54. The minimum acceptable storage arrangements are a combination of the protection afforded by the security container itself, the position or site and the use of approved security equipment.
Manual Disposal	If accountable, the destruction should be recorded by marking the record of accountable documents or the file index sheet where these are used. See Chapter 4 paragraph 68. Destroy by burning, pulping, shredding or dry maceration.

Annex E-Management of Material Classified as SECRET

SECRET	Compromise of information would damage national interests in a serious manner.
Guidelines:	Raise international tension. Damage seriously relations with friendly governments. Cause serious damage to the operational effectiveness or security of New Zealand or friendly forces or the effectiveness of valuable security or intelligence operations. Seriously damage the internal stability of New Zealand or friendly countries. Shut down or substantially disrupt significant national infrastructure.
Principles and Clearance Levels	Information classified as SECRET must be held, processed, transmitted and destroyed with levels of security commensurate with the serious damage to national interest that compromise would incur. Only staff cleared by the department for SECRET access or above are authorised to handle the information. This includes all staff involved with transmission, storage and disposal.
Electronic Transmission	All SECRET information transmitted across any network within New Zealand or overseas must be encrypted using a system approved by the GCSB.
Electronic Storage	Electronic files (including databases) must be protected against illicit internal use or intrusion by external parties through a judicious selection of two or more of the following mechanisms: user challenge and authentication (username/password or digital ID/Certificate) logging use at level of individual firewalls and intrusion-detection systems and procedures; server authentication OS-specific/application-specific security measures.
Electronic Disposal	Media that has held SECRET information must be declassified by degaussing, overwriting or destroying iaw GCSB guidelines contained in NZSIT 207.
Manual Transmission	Within a single physical location. Material should be double enveloped and sealed with approved seals in accordance with Chapter 4 paragraph 104 and: despatched through a department's own transit system with hand-to-hand receipts at each stage of the journey; or distributed within a building or part of a building that has been declared a specially protected area; otherwise carried by authorised messengers. Transfer between establishments within New Zealand. SECRET material should be double enveloped with "By Hand" stamped on the outer envelope and sealed with approved seals in accordance with Chapter 4 paragraph 104 and carried by an authorised messenger or safe-hand courier. Transfer between establishments outside New Zealand. SECRET material must be double enveloped with "By Hand" stamped on the outer envelope and sealed with approved seals in accordance with Chapter 4 paragraph 104 with a receipt form included inside the inner envelope and carried by the Diplomatic safe-hand bag service operated by MFAT. COMSEC material. To be handled in accordance with procedures advised by GCSB from time to time.
Manual Storage	Must be locked in an approved security container when not in use. See Chapter 7 paragraph 54. The minimum acceptable storage arrangements are a combination of the protection afforded by the security container itself, the position or site and the use of approved security equipment.
Manual Disposal	If accountable the destruction should be recorded by marking the record of accountable documents or the file index sheet where these are used. See Chapter 4 paragraph 68. Destroy by burning, pulping, shredding or dry maceration.

Annex F-Management of Material Classified as TOP-SECRET

TOP SECRET	Compromise of information would damage national interests in an exceptionally grave manner.
Guidelines:	Threaten directly the internal stability of New Zealand or friendly countries. Lead directly to widespread loss of life. Cause exceptionally grave damage to the operational effectiveness or security of New Zealand or friendly forces or the effectiveness of extremely valuable security or intelligence operations. Cause exceptionally grave damage to relations with other governments. Cause severe long-term damage to significant national infrastructure.
Principles and Clearance Levels	Information classified as TOP SECRET must be held, processed, transmitted and destroyed with levels of security commensurate with the exceptionally grave damage to national interest that compromise would incur. Only staff cleared by the department for TOP SECRET access is authorised to handle the information. This includes all staff involved with transmission, storage and disposal.
Electronic Transmission	All TOP SECRET information transmitted across any network within New Zealand or overseas must be encrypted using a system approved by the GCSB.
Electronic Storage	Electronic files (including databases) must be protected against illicit internal use or intrusion by external parties through a judicious selection of two or more of the following mechanisms: user challenge and authentication (username/password or digital ID/Certificate) logging use at level of individual firewalls and intrusion-detection systems and procedures server authentication OS specific/application-specific security measures
Reproduction	TOP SECRET documents should only by photocopied on the written request of an authorised employee. The photocopying of TOP SECRET documents must be recorded, showing the subject, reference number, number of copies made and authority for copying.
Electronic Disposal	Media that has held TOP SECRET information cannot be declassified and must be destroyed in accordance with GCSB guidelines contained in NZSIT 207.
Manual Transmission	Within a single physical location. Material should be double enveloped with "By Hand" stamped on the outer envelope and sealed with approved seals in accordance with Chapter 4 paragraph 104 and: despatched through a department's own transit system with hand-to-hand receipts at each stage of the journey; or distributed within a building or part of a building that has been declared a specially protected area; otherwise carried by authorised messengers within an approved circulating box or pouch. Transfer between establishments within New Zealand. TOP SECRET material should be double enveloped with "By Hand" stamped on the outer envelope and sealed with approved seals in accordance with Chapter 4 paragraph 104 and carried by an authorised messenger or safe-hand courier. Transfer between establishments outside New Zealand. TOP SECRET material must be double enveloped and sealed with approved seals in accordance with Chapter 4 paragraph 104 with a receipt form included inside the inner envelope and carried by the Diplomatic safe-hand bag service operated by MFAT. COMSEC material. To be handled in accordance with procedures advised by GCSB from time to time.
Manual Storage	Must be locked in an approved security container when not in use. See Chapter 7 paragraph 54. The minimum acceptable storage arrangements are a combination of the protection afforded by the security container itself, the position or site and the use of approved security equipment.
Manual Disposal	Before destruction all pages and enclosures must be verified as present. The destruction must be supervised and witnessed and should be recorded by filing a note of destruction in the place of the document or by marking the relevant entry on the file index sheet where these are authorised. See Chapter 4 paragraph 68. Destroy by burning, pulping, shredding or dry maceration.

Annex G-Endorsements that may be Applied with any Security Classification

Appointments	Actual or potential appointments that have not yet been announced and the deliberation during the recommendation/approval process
Budget	Proposed or actual measures for the Budget prior to their announcement by the Treasurer
Cabinet	Contains material which will be presented to, and/or, require decisions by, Cabinet or Cabinet Committee
Commercial	Sensitive commercial processes, negotiations of affairs
Evaluative	Material relating to competitive evaluations such as interview records and tender assessments
Honours	The actual or potential award of an honour before the announcement of the award and the deliberations during the recommendation/approval process or the consideration of honours policy matters involving the exercise of the Royal prerogative
Medical	Medical reports, records and other material related to them
Staff	References to named or identifiable staff. Also for use by staff in entrusting personal confidences to management
Policy	Proposals for new or changed government policy before publication
New Zealand Eyes Only	This material is not to be viewed by any person who is not a New Zealand national
[Department(s)] Use Only	For use only within the specified department(s)
Addressee Only	Material that is only to be seen by the person to whom it is addressed
Embargoed for Release	Prior to the designation time at which an announcement will be made, an address made or information will be disseminated
To be Reviewed on	A designated time at which the classification of the information is to be reviewed

[ Previous | Next ]