- B.C. Home
- Ministry of Technology, Innovation and Citizens' Services
- Information Access Operations
- Freedom of Information
- Managers, Information Access
- Records Management
- ARCS Online
470 - SECURITY MANAGEMENT
Records relating to the security of ministry/agency buildings, facilities, and information systems.
Record types include correspondence, logs, reports, and other types of records as indicated under relevant secondaries.
For computer system backup records, see primary 6820.
For criminal and police record checks related to staffing competitions, see primary 1665.
For disaster recovery/emergency measures, see primary 275.
For insurance claims, see primary 450.
The ministry or agency OPR is the ministry/agency security departments unless otherwise specified below.
non-OPR NOTE: Offices will retain non-OPR copies of records for: SO nil DE
|470-00||Policy and procedures||SO||nil||DE|
Security activity and control records
NOTE: Classify computer access permissions/authorizations under secondary -40. Reclassify records that support investigations under secondary -20.
Intrusion detection records
SO = when reviewed, and if relevant, when action is taken
NOTE: Reclassify intrusion detection records that relate to investigations under secondary -20.
OPR = The program area responsible for the computer system, manual process, or activity being assessed.
SO = when replaced by new assessment or test and corrective action is taken; or when related computer system, manual process, or activity is obsolete
NOTE: These records communicate best practices, security threats and vulnerabilities to staff.
Security incident and loss reporting
2y = The retention period is based on the two-year limitation period for commencing an action arising from property damage or personal injury under the Limitation Act (RSBC 1996, c. 266, s. 3).
NOTE: Reclassify security incident and loss reports resulting in investigations under secondary -20.
NOTE: Reclassify logs relevant to an investigation under secondary -20. Classify logs relating to system operations and maintenance under secondary 6820-06.
SO = when recordings are no longer required
NOTE: Reclassify recordings resulting in an investigation under secondary -20.
FOI: Use surveillance recordings in scheduled rotation and erase all previous recordings prior to reuse. Public bodies must securely dispose of old recordings.
|470-11||Systems security control documentation
(covers records documenting security controls for computer systems [e.g., authorization matrices])
Security incident investigation files
SO = when investigation is closed
3y = The retention period is based on the two-year limitation period for commencing an action arising from property damage or personal injury under the Limitation Act (RSBC 1996, c. 266, s. 3), plus one year for the service of documents.
DE = Security investigation files can be destroyed upon authorization of the Records Officer because information concerning significant investigations are adequately documented in executive records covered by primary 280 and/or by Special Schedule for Executive Records (102906).
Security clearance files
SO = upon expiry of clearance or date of decision to deny clearance
Security site files
SO = when site is no longer utilized
NOTE: This secondary includes contact lists, site-specific security procedures, floor and wiring plans and inventory information on alarms, cameras, safes, drop boxes, keys, and other types of security equipment installed in ministry/agency buildings and facilities.
NOTE: Please notify the central records management agency before disposing of any files that contain building plans created before 1977 when British Columbia Building Corporation and its successor Real Estate and Accommodation Services became the central agency responsible for these plans.
User IDs and access authority files
NOTE: This secondary covers security authentication and access permissions/authorizations to ministry/agency computer applications. Classify building and equipment access control under secondary -03.