470 - Security Management
Records relating to the security of ministry/agency buildings, facilities, and information systems.
Record types include correspondence, logs, reports, and other types of records as indicated under relevant secondaries.
For computer system backup records, see primary 6820.
For criminal and police record checks related to staffing competitions, see primary 1665.
For disaster recovery/emergency measures, see primary 275.
For insurance claims, see primary 450.
The ministry or agency OPR is the ministry/agency security departments unless otherwise specified below.
non-OPR NOTE: Offices will retain non-OPR copies of records for: SO nil DE
|470-00||Policy and procedures||SO||nil||DE|
|470-03||Security activity and control records
(covers building, facility, equipment (including vehicle) access control, key and pass allocations, and sign-in/out logs, including electronic sign-out/employee location tracking systems, and daily logs maintained by security personnel)
(includes identification tags, and security distribution and control lists)
NOTE: Classify computer access permissions/authorizations under secondary -40. Reclassify records that support investigations under secondary -20.
|470-04||Intrusion detection records
(covers intrusion detection systems and computer protection systems)
(includes alarm and detection system data and reports)
SO = when reviewed, and if relevant, when action is taken
NOTE: Reclassify intrusion detection records that relate to investigations under secondary -20.
(covers security threat and risk assessments (TRAs) or equivalent, system penetration tests, and Healthcheck assessments)
(includes correspondence, forms, and checklists)
OPR = The program area responsible for the computer system, manual process, or activity being assessed.
SO = when replaced by new assessment or test and corrective action is taken; or when related computer system, manual process, or activity is obsolete
NOTE: These records communicate best practices, security threats and vulnerabilities to staff.
|470-08||Security incident and loss reporting
(covers asset loss investigation reports, branch incident reports (BIRs), general incident or loss reports (GILRs) – FIN595, and equivalent reports relating to flooding, vandalism, theft, and other security incidents)
(includes branch incident reports (BIRs), general incident or loss reports (GILRs) - FIN 595, and equivalent reports)
2y = The retention period is based on the two-year limitation period for commencing an action arising from property damage or personal injury under the Limitation Act (RSBC 1996, c. 266, s. 3).
NOTE: Reclassify security incident and loss reports resulting in investigations under secondary -20.
(covers application, server, network, website, system, event, audit, and equivalent logs monitored by security personnel)
NOTE: Reclassify logs relevant to an investigation under secondary -20. Classify logs relating to system operations and maintenance under secondary 6820-06.
(includes video, audio, digital, and other types of surveillance recordings)
SO = when recordings are no longer required
NOTE: Reclassify recordings resulting in an investigation under secondary -20.
FOI: Use surveillance recordings in scheduled rotation and erase all previous recordings prior to reuse. Public bodies must securely dispose of old recordings.
|470-11||Systems security control documentation
(covers records documenting security controls for computer systems (e.g., authorization matrices))
|470-20||Security incident investigation files
(includes correspondence, reports, and if relevant, investigators’ notebooks, surveillance recordings, security logs, and exhibit records)
SO = when investigation is closed
3y = The retention period is based on the two-year limitation period for commencing an action arising from property damage or personal injury under the Limitation Act (RSBC 1996, c. 266, s. 3), plus one year for the service of documents.
DE = Security investigation files can be destroyed upon authorization of the Records Officer because information concerning significant investigations are adequately documented in executive records covered by primary 280 and/or by Special Schedule for Executive Records (102906).
|470-25||Security clearance files
(includes correspondence and forms)
SO = upon expiry of clearance or date of decision to deny clearance
|470-30||Security site files
(includes contact lists, drawings, plans, and procedures)
SO = when site is no longer utilized
NOTE: This secondary includes contact lists, site-specific security procedures, floor and wiring plans and inventory information on alarms, cameras, safes, drop boxes, keys, and other types of security equipment installed in ministry/agency buildings and facilities.
NOTE: Please notify the central records management agency before disposing of any files that contain building plans created before 1977 when British Columbia Building Corporation and its successor Real Estate and Accommodation Services became the central agency responsible for these plans.
|470-40||User IDs and access authority files
(covers individual access to computer systems, USERIDs and access authorities)
(includes correspondence and forms)
NOTE: This secondary covers security authentication and access permissions/authorizations to ministry/agency computer applications. Classify building and equipment access control under secondary -03.