Data Management and Records Control Policy

POLICY PURPOSE

Logmaster documents have an appropriate section and metadata for classification that must be used when initially creating documents, updating them and from then on managing that document throughout its lifecycle. For example, for Microsoft Office documents, spreadsheets, diagrams and presentations, the classification should be recorded in the document header/footer. Including electronic documents and communications. The Logmaster business management system is the intellectual property of Logmaster.

DISTRIBUTION

All Logmaster people must identify the classification of information at creation and record that classification with the information, or the system processing, transmitting or storing that information.

PROTOCOL

Logmaster documents have an appropriate section and metadata for classification that must be used when initially creating documents, updating them and from then on managing that document throughout its lifecycle. For example, for Microsoft Office documents, spreadsheets, diagrams and presentations, the classification should be recorded in the document header/footer.

Logmaster has a default classification of UNCLASSIFIED for all emails or other messages for normal business purposes, except when using email and messaging services to transfer SENSITIVE, SENSITIVE:PERSONAL SENSITIVE and SENSITIVE:LEGAL information, in which case there are specific measures deployed to protect the sensitivity and integrity of information when transmitting over email and messaging systems. When communicating with Government departments/agencies protective markings must be used to designate the classification of the data.

POLICY STATEMENT

The following requirements are applicable to email within Logmaster

  • All official emails being sent externally must have an appropriate protective marking (security classification);
  • Email protective markings must accurately reflect the classification of an email message, including any attachments. Classification is the responsibility of the author;
  • Where an unmarked email has originated outside the Government, system users must assess the information and determine how it is to be handled;
  • Where an email is of a personal nature and does not contain government information, protective markings for official information should not be used. As an alternative, the email could be marked as UNOFFICIAL;
  • Where an unmarked email has originated from an Australian or overseas government agency, system users should contact the originator to determine how it is to be handled;
  • Where an email is received with an unknown protective marking from an Australian or overseas government agency, system users should contact the originator to determine appropriate security measures.
  • Prevent unmarked and inappropriately marked emails being sent to intended recipients by blocking the email at the email server or at the workstation.
  • All incoming email attachments will be scanned to ensure that they are not malware;
  • In cases of audio files attached to email messages, these should also be classified and handled as per their classification. Audio files should be reviewed either behind closed doors and or by use of individual headphones thereby preserving the privacy of the audio file.
  • Prevent unmarked and inappropriately marked emails being sent to intended recipients by blocking the email at the email server or at the workstation.
  • All incoming email attachments will be scanned to ensure that they are not malware.
  • The intended recipient will be Notified of any blocked emails.

 

Inventory and Maintenance of Important Assets

Logmaster will maintain a register of all important assets, so that the risk to these assets can be managed and monitored. This register may take the form of an application, document or database, but must be protected from unauthorised access, modification or loss.

Logmaster defines important information assets as those that are classified as SENSITIVE, SENSITIVE:PERSONAL or SENSITIVE:LEGAL and assigns ownership to these assets. Information owners are accountable for:

  • Maintaining registers of information under their ownership;
  • The adequate protection of these information assets and demonstrating compliance with the information security policy;
  • Granting authorisation for access to these information assets based on business need and maintaining an up-to-date list of those with access to information.

 

LOGMASTER defines important IT assets as those that are:

  • Used for the handling of SENSITIVE, SENSITIVE:PERSONAL or SENSITIVE:LEGAL information;
  • Critical to the operation of the business;
  • Critical to providing information security controls, for example network infrastructure, servers and storage platforms.

 

Ownership and accountability is assigned to senior management as follows:

  • Privacy Manager – SENSITIVE:PERSONAL information;
  • GM Technology – Information used within LOGMASTER’s platform services;
  • COO – Information used within Logmaster’s internal business services and information relevant to business continuity;
  • Project Managers – Information used within projects;
  • General Counsel – Legal documents, including corporate records and contracts;
  • General Manager People and Development – HR records, finance and accounting records;
  • All General Managers – Important information assets within their division.

 

Handling of information assets

Information and IT assets classified as SENSITIVE, SENSITIVE:LEGAL and SENSITIVE:PERSONAL must not be stored within LOGMASTER IT systems unless specific provision has been made for the security of these assets, based on the risks on how those assets will be used.

Logmaster will identify the risk to SENSITIVE, SENSITIVE:LEGAL or SENSITIVE:PERSONAL information assets and implement adequate security controls to manage the risk to these assets and the IT systems that these assets reside on. These security controls are intended to make sure that LOGMASTER meets it legal and shareholder obligations to:

  • Protect this information from unauthorised disclosure, modification or deletion;
  • Control access to this information to named individuals who have a business need for access;
  • Provide a means to monitor and review which specific individuals have accessed this information, when that access has taken place and the actions undertaken with that access; 
  • Protect audit trails and associated logs from unauthorised modification or destruction.

 

All IT systems that use SENSITIVE, SENSITIVE:LEGAL and SENSITIVE:PERSONAL information will be classified according to the information that they process and clearly marked as such so that they are handled appropriately throughout their lifecycle.

Retention and Archiving of classified information assets

It is an important legislative and often a regulatory requirement that information assets are retained for specific periods of time in specific formats. There are mandatory obligations on retention periods applicable to all manner of information assets including clinical records, corporate records, security logs and health information. 

Business managers must seek legal advice to ascertain the compliance requirements with relevant state and federal legislation (for example, compliance with government data retention laws.

The information assets also cover the following specific raw log files:

  • Application logs
  • Database logs
  • System logs, 
  • Audit files,
  • Event logs
  • Application whitelisting logs
  • Antivirus logs
  • Proxy logs
  • VPN Logs
  • DNS logs
  • DHCP logs
  • Mail server logs. 

 

To maintain an efficient and cost-effective system, it is essential to transfer to off-site/offline as they become inactive. On site holdings include records pertaining to the current year’s work plus one year previous.

The ability to retrieve archived materials is essential. For example, when upgrading hardware and software the ability to read, retrieve, and produce copies of stored records must be maintained, either by retaining old hardware and software; or migrating stored information onto the new system, ensuring maintenance of record integrity.

Disposal of classified information assets

Records disposal should be managed to eliminate records which are no longer required in an authorised, systematic manner. In particular, personal information must be destroyed or permanently de‐identified by secure means, if it is no longer needed for any purpose for which the information may be used or disclosed under the Privacy Act 1988 (Cwth).

Disposal of hard copy and electronic records must be authorised before processing. At the time records are due for destruction the appropriate disposal authority must be forwarded to the relevant custodian for approval. Prior to final disposal it must be verified that no records that are pending disposal relate to any actual or reasonably anticipated claim, litigation, subpoena, search warrant or other formal information gathering notice. 

All copies of records that are authorised for destruction, including security copies, preservation copies and backup copies, should be destroyed. A record of disposal actions, once they have been carried out, is to be maintained.
Information or documents that do not need to be placed on an official file may be disposed of when they are no longer required. 

Hard copy documents are to be disposed of in the secure disposal bin or shredded if they contain confidential, sensitive or proprietary business information. (DUS-Destroy under supervision).

The physical disposal of hard copy records is contracted to an authorised disposal company and is carried out under secure conditions to preserve the confidentiality of any information they contain.

It is important to maintain the integrity of the information asset which includes maintaining metadata about the information, who used it, and how it was used. 

These information assets must be date and times stamped and protected from: 

  • Modification and unauthorised access
  • Whole or partial loss within the defined retention period

 

Even though in most cases an investigation does not directly require legal intervention, it is important that the integrity of evidence such as manual logs, automatic audit trails and intrusion detection tool outputs be protected.

When storing raw audit trails onto media it is important that it is done in accordance with relevant retention requirements as documented by the Cybersafe Statutory and regulatory requirements. 

The rights of Logmaster shareholders and committees to request access to information pertaining to the records and affairs of Logmaster are governed by the Logmaster Shareholders’ Agreement.

RELATED POLICIES

LOGMASTER Shareholders’ Agreement
Quality Policy
Governance Policy
Privacy Policy
Security Policy

STANDARDS AND REFERENCES

ISO 9001:2015
Privacy Act 1988 and amendments for transmission of data (Commonwealth)
ISO / EC 27000

DOCUMENT CONTROL

Version 2Original Policy DevelopmentJan 2021
Version 2Policy Approved by CGU ExecMay 21
Version 2Policy ImplementedMay 21
V2Revision DateOct 2022