Find a Standard

Here you can find the most recent version of each IM/IT standard. These standards apply to all ministries and provincial agencies. You may notice gaps in the numbering, this is because some standards become obsolete over time. More detail can be found for each standard in the detail column.

1.   Appropriate Use

# Standard Description Applies to Detail

Web Traffic Filtering

Websense is an internet web traffic filtering and tracking solution offered by SSBC All outbound web based network traffic

 Outline (PDF)

1.2 Guidelines on the Use of Open Source Software Guidelines to help inform decision makers when the use of Open Source Software packages are being considered. Ministries and Agencies when considering the procurement of software for the Province of British Columbia. Guidelines  (PDF)
1.3 Electronic Signatures Guide

Guide that provides a common starting point in navigating the requirements to build electronic signature solutions.

Ministry policy and technical teams considering moving signature processes online.



2.  Software Development

# Standard Description Applies to Detail

Development Standards for Information Systems

Mandates terms and conditions for the ministry use and management of requirements The development and maintenance of information systems

 Standard  (PDF)

2.2 REST API Development Standard Mandates the use of a specific software architecture style (REST) for public facing Application Programming Interfaces. All public facing application software programming interfaces. Standard  (PDF)


3.  Information Management

# Standard Description Applies to Detail

Data Administration Standard

Provides minimum criteria for data management General information management  Standard  (PDF)
3.2 Guidelines for Best Practices in Data Management – Roles and Responsibilities The roles and responsibilities described here reflect best practices for data management within the Province of British Columbia. From a business context, these concepts provide foundational support for improving information access and sharing both internally within government and to the public. Management of data sets. Guidelines  (PDF)
3.3 Mailing & Delivery Address Data Standards for addresses are useful for the collection and exchange of mailing, delivery and residential address information The collection, presentation and exchange of citizen and business address information  Standard  (PDF)
3.4 Physical Address & Geocoding Geocoding is the process of determining the geographic position (coordinates) of a location from it’s physical address During the development of  the conceptual models of information systems that handle geocoding information Outline (PDF)
3.5 Date & Time Consistent date and time standards mitigate risk, enable information sharing and interoperability and improve efficiencies between IM/IT systems Computer-generated display date and time formats, with the exception of Provincial correspondence  Outline (PDF)
3.6 Document & Records Mgmt Enterprise Document and Records Management Systems (EDRMS) are integrated software solutions used for managing documents and records from creation to disposition Physical and electronic records management

 Outline (PDF)


3.7 Aboriginal Administrative Data Government should be consistent in the way Aboriginal citizens are identified The delivery of services and programs designed to improve the socio-economic outcomes for Aboriginal persons  Outline (PDF)
3.8 Raster Data Typically related to geography, a raster is a matrix of cells (pixels) organized into a grid where each  cells contains a value representing information (e.g. temperature) When using or creating raster data (raster cell origin, shape and size)

 Outline (PDF)


3.9 Open Data—Physical Dataset Open Dataset are files that contain machine-processable information that is accessible by the public When publishing open datasets  Outline (PDF)
3.10 Critical Systems Standard Provided system management requirements for critical systems. Any system deemed critical. Standard (PDF)
3.11 Critical Systems Guidelines Supplement to the Critical Systems Standard Any system deemed critical.

Guidelines  (PDF)


4.  Identity Management

# Standard Description Applies to Detail
4.2 BCeID BCeID provides an electronic identity that makes it possible for citizens to access government services using a single identifier and password Information systems with requirements for authenticated identity information

 Outline (PDF)

 Memo (PDF)

4.3 Identity Card – Physical Characteristics Provides technical specifications for multi-function identity cards for B.C. public service employees, contractors, and visitors Any initiative for a common identity card for government employees  Outline (PDF)
4.4 Identity Assurance Standard Provides a framework for establishing trust and confidence between parties issuing and receiving identity claims Business processes and information systems with requirements for identity assurance  Outline (PDF)
4.5 Evidence of Identity Standard Re-introduces the Identification Levels set out in the Identity Assurance Standard and sets evidence of identity, registration and operational diligence standards for establishing an individual’s identity Business processes and information systems with requirements for identity assurance  Outline (PDF)
4.6 Electronic Credential & Authentication Standard

Specifies the requirements for issuing, managing and authenticating electronic credentials to differing levels of strength.

Supports the Identity Assurance Standard
Business processes and information systems with requirements for identity assurance  Outline (PDF)
4.8 Claims Information Standard Explains how to define and use claims, and provides definitions for the core set of claims related to the Identity Information Reference Model Business processes and information systems with requirements for identity assurance  Outline (PDF)
4.9 Claims Technology Standard Sets the standards and profiles related to several open standard protocol specifications. Also describes standards for security controls and logon user experience to promote secure and usable implementations Information systems with requirements for identity assurance  Outline (PDF)
4.10 Identity Information Reference Model This document introduces an Identity Information Reference Model that describes the key identity-related elements that are common in identification processes across government and illustrates how those elements can be used in different contexts such as professional, business, or employment Business processes and information systems with requirements for identity assurance  PDF File
4.11 Identity Information Management Architecture Summary

This document provides a summary overview of the base architecture for the BC Provincial Identity Information Management System (IDIM)

System integrators and other IT service providers in the preparation of responses to Request For Proposal opportunities

 PDF File


5.  IT Management

  Standard Description Applies to Detail
5.5 Integration Broker

Specifies the approved integration brokers for the Province. Consist of a standard and guidelines.

Applies to ministries with a requirement for an on-premises integration broker. Applies, optionally, to the broader public sector.



5.8 Network to Network Connectivity (3PG) Defines the connectivity requirements that must be addressed with respect to the connection between disparate networks All network-to-network connections between SPAN/BC and external networks

Outline (PDF)

 Memo (PDF)

 Standard (PDF)

5.9 Wireless Local Area Network Security Specifies the configuration parameters required for establishing a Secure Wireless Local Area Network Facilities that provide wireless access to provincial network infrastructure

 Outline (PDF)

 Standard (PDF)


6.  IT Security

# Standard Description Applies to Detail
6.4 Interim Standards for Information Systems Security & Network Connectivity Specifies government authentication (Siteminder, IDIR, BCeID), security & privacy, application security and network connectivity standards Design of any government solution using technology

 Memo (PDF)

 Outline (PDF)


IT Asset Disposal

IT assets should be disposed of securely in order to protect any sensitive data that may reside on them All IT assets proposed for disposal  Process (URL)
6.10 Cryptographic Standards Provides minimum requirements for the cryptographic means used to protect information in transit, in storage and in process

IT assets handling sensitive information

Is applied based on the results of an STRA
 Standard (PDF)
6.11 STRA Method, Process & Tool Defines the methodology, process and tools for performing an Information Security Threat and Risk Assessment (STRA) All information handling systems (i.e. transmitting, processing and storage)  Outline (PDF)
6.12 Physical Security Provides minimum standards for the design, development and construction of telecommunications equipment rooms Facilities housing Ethernet switches, routers and government owned telecommunications assets.  Outline (PDF)
6.13 Network Security Zone Standard Describes important information pertaining to the segmentation of the Province’s network for organization deploying application on that infrastructure IT assets deployed on the Province’s network infrastructure

 Outline (PDF)

Memo  (PDF)

Standard (PDF)

6.14 Application & Web Development & Deployment Describes the mandatory security practices for the development, deployment and/or maintenance of network facing applications IT assets deployed on the Province’s network infrastructure  Outline (PDF)
6.15 Mobile Device Security Standards for the protection of information on mobile devices Any mobile device used to access, process or store BC Government information

Standard (PDF)

6.16 Database Security Standard for Information Protection (DSSIP) Standard for the protection of databases. All databases.

Standard (PDF)


6.17 Information Security Standard This standard provides a structured approach to identifying the broad spectrum of information security activities in the life-cycle of information systems.  Applies to all of core government and to all contracted service providers conducting business on behalf of government. Standard (PDF)
6.18 Information Security Classification Standard Specifies a common standard for security classification of government information (as defined under the Information Management Act). Applies to all of core government and to all contracted service providers conducting business on behalf of government.

Standard (PDF)