470 - SECURITY MANAGEMENT

Records relating to the security of ministry/agency buildings, facilities, and information systems.

Record types include correspondence, logs, reports, and other types of records as indicated under relevant secondaries.

For computer system backup records, see primary 6820.
For criminal and police record checks related to staffing competitions, see primary 1665.
For disaster recovery/emergency measures, see primary 275.
For insurance claims, see primary 450.

The ministry or agency OPR is the ministry/agency security department unless otherwise specified below.

non-OPR NOTE: Offices will retain non-OPR copies of records for: SO nil DE

Primary-Secondary   Records Series   OPR: A SA FD
470-00 Policy and procedures   SO nil DE
470-01 General   CY+2y nil DE
470-02 (superseded by secondary -03 Security activity and control records)  
470-03

Security activity and control records
(covers building, facility, equipment [including vehicle] access control, key and pass allocations, and sign-in/out logs, including electronic sign-out/employee location tracking systems, and daily logs maintained by security personnel)
(supersedes and merges former secondaries 465-02 Identification tags, 470-02 Security distribution and control list, and 470-03 Building security)

NOTE: Classify computer access permissions/authorizations under secondary -40.  Reclassify records that support investigations under secondary -20.

  CY+1y nil DE
470-04

Intrusion detection records
(supersedes and merges former secondaries 470-04 Intrusion detection systems and 470-05 Computer protection systems)
(includes alarm and detection system data and reports)

SO = when reviewed, and if relevant, when action is taken

NOTE: Reclassify intrusion detection records that relate to investigations under secondary -20.

  SO nil DE
470-05 (superseded by secondary -04 Intrusion detection records)        
470-06

Security assessments
(covers security threat and risk assessments [TRAs] or equivalent, system penetration tests, and “Healthcheck” assessments)
(includes correspondence, forms, and checklists)
(supersedes former secondary 470-06 Threats to security)

OPR = The program area responsible for the computer system, manual process, or activity being assessed.

SO = when replaced by new assessment or test and corrective action is taken; or when related computer system, manual process, or activity is obsolete

  SO nil DE
470-07

Security bulletins

NOTE: These records communicate best practices, security threats and vulnerabilities to staff.

  CY+1y nil DE
470-08

Security incident and loss reporting
(supersedes former secondaries 550-02 Vandalism and theft, 550-03 Flooding, 705-02 Asset loss investigation reports, and 877-14 Vandalism and theft)
(includes branch incident reports [BIRs], general incident or loss reports [GILRs] - FIN 595, and equivalent reports)

2y = The retention period is based on the two-year limitation period for commencing an action arising from property damage or personal injury under the Limitation Act (RSBC 1996, c. 266, s. 3).

NOTE: Reclassify security incident and loss reports resulting in investigations under secondary -20.

  CY+2y nil DE
470-09

Security-monitored logs
(covers application, server, network, website, system, event, audit, and equivalent logs monitored by security personnel)

NOTE: Reclassify logs relevant to an investigation under secondary -20.  Classify logs relating to system operations and maintenance under secondary 6820-06.

  CY+2y nil DE
470-10

Surveillance recordings
(includes video, audio, digital, and other types of surveillance recordings)

SO = when recordings are no longer required

NOTE: Reclassify recordings resulting in an investigation under secondary -20.

FOI: Use surveillance recordings in scheduled rotation and erase all previous recordings prior to reuse.  Public bodies must securely dispose of old recordings.

  SO nil DE
470-11 Systems security control documentation
(covers records documenting security controls for computer systems [e.g., authorization matrices])
  CY+5y nil DE
470-20

Security incident investigation files 
(supersedes and merges former secondaries 462-20 security incidents/investigations, 465-25 Security investigations, and 470-20 Security incidents/investigations)
(includes correspondence, reports, and if relevant, investigators’ notebooks, surveillance recordings, security logs, and exhibit records)

SO = when investigation is closed

3y = The retention period is based on the two-year limitation period for commencing an action arising from property damage or personal injury under the Limitation Act (RSBC 1996, c. 266, s. 3), plus one year for the service of documents.

DE = Security investigation files can be destroyed upon authorization of the Records Officer because information concerning significant investigations is adequately documented in executive records covered by primary 280 and/or by Special Schedule for Executive Records (102906).

  SO+1y 2y DE PIB
470-25

Security clearance files
(supersedes former secondary 465-20 Security clearance files [individual])
(includes correspondence and forms)

SO = upon expiry of clearance or date of decision to deny clearance

  SO+1y nil DE PIB
470-30

Security site files
(includes contact lists, drawings, plans, and procedures)

SO = when site is no longer utilized

NOTE: This secondary includes contact lists, site-specific security procedures, floor and wiring plans and inventory information on alarms, cameras, safes, drop boxes, keys, and other types of security equipment installed in ministry/agency buildings and facilities.

NOTE: Please notify the central records management agency before disposing of any files that contain building plans created before 1977 when British Columbia Building Corporation and its successor Accommodation and Real Estate Services became the central agency responsible for these plans.

  SO+1y nil DE
470-40

User IDs and access authority files  
(supersedes former secondaries 465-04 Individual access to computer systems and 465-30 USERIDs and access authorities)
(includes correspondence and forms)

NOTE: This secondary covers security authentication and access permissions/authorizations to ministry/agency computer applications.  Classify building and equipment access control under secondary -03.

  CY+2y nil DE PIB
