Find an IM/IT Standard
Last updated on January 17, 2025Find the current version of each IM/IT Standard as well as other related standards. These apply to all ministries and provincial agencies.
Gaps in numbering may be present. Contact us for more information.
On this page
- 1. Appropriate Use
- 2. Software Development
- 3. Information Management
- 4. Identity Management
- 5. IT Management
- 6. IT Security
- 7. CIRMO
1. Appropriate Use
Review IM/IT Guideline, Specification or Policy
2. Software Development
Review IM/IT Guideline, Specification or Policy
3. Information Management
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 3.01 |
Data Administration Standard |
Provides minimum criteria for data management | General information management | Standard |
| 3.03 | Mailing & Delivery Address Data Standard | Standards for addresses are useful for the collection and exchange of mailing, delivery and residential address information | The collection, presentation and exchange of citizen and business address information | Standard |
| 3.04 | Physical Address & Geocoding Standard | Geocoding is the process of determining the geographic position (coordinates) of a location from it’s physical address | During the development of the conceptual models of information systems that handle geocoding information | Outline |
| 3.05 | Date & Time Standard | Consistent date and time standards mitigate risk, enable information sharing and interoperability and improve efficiencies between IM/IT systems | Computer-generated display date and time formats, with the exception of Provincial correspondence | Outline |
| 3.06 | Document & Records Management Standard | Enterprise Document and Records Management Systems (EDRMS) are integrated software solutions used for managing documents and records from creation to disposition | Physical and electronic records management | |
| 3.07 | Aboriginal Administrative Data Standard | Government should be consistent in the way Aboriginal citizens are identified | The delivery of services and programs designed to improve the socio-economic outcomes for Aboriginal persons |
Under review |
| 3.09 | Open Data—Physical Dataset Standard | Open Dataset are files that contain machine-processable information that is accessible by the public | When publishing open datasets | Outline |
| 3.10 | Digitizing Government Information Standard | This standard provides a defensible approach to transforming government information from physical to digital formats | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 3.11 | Core Administrative and Descriptive Metadata Standard | The standard specifies nine core metadata elements that should be adapted and incorporated into metadata that is currently in use in systems that manage digital government information. | Applies to Ministries, agencies, boards, and commissions that are subject to the Core Policy and Procedures Manual should apply the Standard to digital government information | |
| 3.12 | Gender and Sex Data Standard | This Standard provides consistency and guidance for the collection of gender and sex data. | Ministries, agencies, boards, and commissions that are subject to the Core Policy and Procedures Manual (CPPM) should apply this Standard to government information that is collected, recorded and/or used. | |
| 3.13 | Indigenous Languages Technology Standard |
Outlines the technical requirements for government IM/IT systems to be able to read, write, store, process, and display Indigenous languages. |
Ministries, agencies, boards, and commissions that are subject to the Core Policy and Procedures Manual (CPPM) should apply this standard. |
4. Identity Management
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 4.02 | BCeID Standard | BCeID provides an electronic identity that makes it possible for citizens to access government services using a single identifier and password | Information systems with requirements for authenticated identity information | |
| 4.04 | Identity Assurance Standard | Provides a framework for establishing trust and confidence between parties issuing and receiving identity claims | Business processes and information systems with requirements for identity assurance | Outline |
| 4.05 | Evidence of Identity Standard | Re-introduces the Identification Levels set out in the Identity Assurance Standard and sets evidence of identity, registration and operational diligence standards for establishing an individual’s identity | Business processes and information systems with requirements for identity assurance | Outline |
| 4.06 | Electronic Credential & Authentication Standard |
Specifies the requirements for issuing, managing and authenticating electronic credentials to differing levels of strength. Supports the Identity Assurance Standard |
Business processes and information systems with requirements for identity assurance | Outline |
| 4.08 | Claims Information Standard |
Under Review Explains how to define and use claims, and provides definitions for the core set of claims related to the Identity Information Reference Model |
Business processes and information systems with requirements for identity assurance | Outline |
| 4.09 | Claims Technology Standard |
Under Review Sets the standards and profiles related to several open standard protocol specifications. Also describes standards for security controls and logon user experience to promote secure and usable implementations |
Information systems with requirements for identity assurance | Outline |
| 4.10 | Identity Information Reference Model Standard |
Under Review This document introduces an Identity Information Reference Model that describes the key identity-related elements that are common in identification processes across government and illustrates how those elements can be used in different contexts such as professional, business, or employment |
Business processes and information systems with requirements for identity assurance | Standard |
| 4.11 | Identity Information Management Architecture Summary Standard |
Under Review This document provides a summary overview of the base architecture for the BC Provincial Identity Information Management System (IDIM) |
System integrators and other IT service providers in the preparation of responses to Request For Proposal opportunities |
5. IT Management
| Standard | Description | Applies to | Detail | |
|---|---|---|---|---|
| 5.08 | Network to Network Connectivity (3PG) Standard | Defines the connectivity requirements that must be addressed with respect to the connection between disparate networks | All network-to-network connections between SPAN/BC and external networks | |
| 5.09 | Wireless Local Area Network Security Standard | Specifies the configuration parameters required for establishing a Secure Wireless Local Area Network | Facilities that provide wireless access to provincial network infrastructure |
Note: Standard was moved to the IMIT 6.28 Network and Communications Security Standard |
| 5.10 | Critical Systems Standard |
Provided system management requirements for critical systems |
Any system deemed critical |
6. IT Security
Contact InfoSecAdvisoryServices@gov.bc.ca for assistance.
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 6.10 | Cryptographic Security Standard |
Under Review Provides minimum requirements for the cryptographic means used to protect information in transit, in storage and in process |
IT assets handling sensitive information Is applied based on the results of an STRA |
Available on request |
| 6.11 | Security Threat and Risk Assessment Standard |
Defines requirements for a Security Threat and Risk Assessment (STRA) of a government information system |
Government information systems | |
| 6.13 | Network Security Zone Standard | Describes important information pertaining to the segmentation of the Province’s network for organization deploying application on that infrastructure | IT assets deployed on the Province’s network infrastructure |
Available on request |
| 6.14 | Application and Web Security Standard | Describes the mandatory security practices for the development, deployment and/or maintenance of network facing applications | IT assets deployed on the Province’s network infrastructure | |
| 6.15 | Mobile Device Management Security Standard |
Standards for the protection of information on mobile devices |
Any mobile device used to access, process or store BC Government information | |
| 6.16 | Database Security Standard | Standard for the protection of databases | All databases | |
| 6.19 | Information Security Standard |
This standard provides a structured approach to identifying the broad spectrum of information security activities in the life-cycle of information systems |
Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.23 | Asset Management Security Standard |
This standard provides a structured approach to identifying Asset Management related information security activities |
Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.24 | Access Control Security Standard | This standard provides a structured approach to identifying Access Control related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 6.26 | Physical and Environmental Security Standard | This standard provides a structured approach to identifying Physical and Environmental Security related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 6.27 | Operations Security Standard | This standard provides a structured approach to identifying Operations Security related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.28 | Network and Communications Security Standard | This standard provides a structured approach to identifying Communications Security related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.29 | System Acquisition, Development and Maintenance Security Standard | This standard provides a structured approach to identifying System Acquisition Development and Maintenance related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.30 | Supplier Relationships and Cloud Computing Security Standard | This standard provides a structured approach to identifying Supplier Relationships and Cloud Computing related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.31 | Cybersecurity Incident Management Standard | This standard provides a structured approach to identifying Information Security Incident Management related information security activities | This standard applies to: - All government organizations (ministries, public agencies, boards, and commissions) who are subject to Information Security Policy, Core Policy and Procedures Manual, and legislation. • Contracted service providers conducting business on behalf of the B.C. government (or the contracted service providers must demonstrate compliance with ISO 27002:2022). |
|
| 6.32 | Information Security Aspects of Business Continuity Management Security Standard | This standard provides a structured approach to identifying Information Security Aspects of Business Continuity Management related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 6.33 | Compliance Security Standard | This standard provides a structured approach to identifying Compliance related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
|
6.34 |
Vulnerability Management Scanning Standard | This standard establishes a common understanding of the roles and responsibilities for vulnerability scanning. The intent is to manage security risks associated with known vulnerabilities | This standard applies to all government organizations (ministries, agencies, boards and commissions) that use government information technology services |
7. CIRMO
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 6.18 | Information Security Classification Standard |
Specifies a common standard for security classification of government information (as defined under the Information Management Act) |
Applies to all of core government and to all contracted service providers conducting business on behalf of government |