Find an IM/IT Standard
Last updated on March 14, 2025Find the current version of each IM/IT Standard as well as other related standards. These apply to all ministries and provincial agencies.
Gaps in numbering may be present. Contact us for more information.
On this page
- 1. Appropriate Use
- 2. Software Development
- 3. Information Management
- 4. Identity Management
- 5. IT Management
- 6. IT Security
- 7. CIRMO
1. Appropriate Use
Review IM/IT Guideline, Specification or Policy
2. Software Development
Review IM/IT Guideline, Specification or Policy
3. Information Management
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 3.01 |
Data Administration Standard |
Provides minimum criteria for data management | General information management | Standard |
| 3.03 | Mailing and Delivery Address Data Standard | Standards for addresses are useful for the collection and exchange of mailing, delivery and residential address information | The collection, presentation and exchange of citizen and business address information | Standard |
| 3.04 | Physical Address and Geocoding Standard | Geocoding is the process of determining the geographic position (coordinates) of a location from it’s physical address | During the development of the conceptual models of information systems that handle geocoding information | Outline |
| 3.05 | Date and Time Standard | Consistent date and time standards mitigate risk, enable information sharing and interoperability and improve efficiencies between IM/IT systems | Computer-generated display date and time formats, with the exception of Provincial correspondence | Outline |
| 3.06 | Document and Records Management Standard | Enterprise Document and Records Management Systems (EDRMS) are integrated software solutions used for managing documents and records from creation to disposition | Physical and electronic records management | |
| 3.07 | Aboriginal Administrative Data Standard | Government should be consistent in the way Aboriginal citizens are identified | The delivery of services and programs designed to improve the socio-economic outcomes for Aboriginal persons |
Under review |
| 3.09 | Open Data—Physical Dataset Standard | Open Dataset are files that contain machine-processable information that is accessible by the public | When publishing open datasets | Outline |
| 3.10 | Digitizing Government Information Standard | This standard provides a defensible approach to transforming government information from physical to digital formats | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 3.11 | Core Administrative and Descriptive Metadata Standard | The standard specifies nine core metadata elements that should be adapted and incorporated into metadata that is currently in use in systems that manage digital government information | Applies to Ministries, agencies, boards, and commissions that are subject to the Core Policy and Procedures Manual should apply the Standard to digital government information | |
| 3.12 | Gender and Sex Data Standard | This Standard provides consistency and guidance for the collection of gender and sex data | Ministries, agencies, boards and commissions that are subject to the Core Policy and Procedures Manual (CPPM) should apply this Standard to government information that is collected, recorded and/or used | |
| 3.13 | Indigenous Languages Technology Standard |
Outlines the technical requirements for government IM/IT systems to be able to read, write, store, process and display Indigenous languages |
Ministries, agencies, boards and commissions that are subject to the Core Policy and Procedures Manual (CPPM) should apply this Standard |
4. Identity Management
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 4.02 | BCeID Standard | BCeID provides an electronic identity that makes it possible for citizens to access government services using a single identifier and password | Information systems with requirements for authenticated identity information | |
| 4.04 | Identity Assurance Standard | Provides a framework for establishing trust and confidence between parties issuing and receiving identity claims | Business processes and information systems with requirements for identity assurance | Outline |
| 4.05 | Evidence of Identity Standard | Re-introduces the Identification Levels set out in the Identity Assurance Standard and sets evidence of identity, registration and operational diligence standards for establishing an individual’s identity | Business processes and information systems with requirements for identity assurance | Outline |
| 4.06 | Electronic Credential and Authentication Standard |
Specifies the requirements for issuing, managing and authenticating electronic credentials to differing levels of strength Supports the Identity Assurance Standard |
Business processes and information systems with requirements for identity assurance | Outline |
| 4.08 | Claims Information Standard |
Under Review Explains how to define and use claims, and provides definitions for the core set of claims related to the Identity Information Reference Model |
Business processes and information systems with requirements for identity assurance | Outline |
| 4.09 | Claims Technology Standard |
Under Review Sets the standards and profiles related to several open standard protocol specifications. Also describes standards for security controls and logon user experience to promote secure and usable implementations |
Information systems with requirements for identity assurance | Outline |
| 4.10 | Identity Information Reference Model Standard |
Under Review This document introduces an Identity Information Reference Model that describes the key identity-related elements that are common in identification processes across government and illustrates how those elements can be used in different contexts such as professional, business or employment |
Business processes and information systems with requirements for identity assurance | Standard |
| 4.11 | Identity Information Management Architecture Summary Standard |
Under Review This document provides a summary overview of the base architecture for the BC Provincial Identity Information Management System (IDIM) |
System integrators and other IT service providers in the preparation of responses to Request For Proposal opportunities |
5. IT Management
| Standard | Description | Applies to | Detail | |
|---|---|---|---|---|
| 5.08 | Network to Network Connectivity (3PG) Standard | Defines the connectivity requirements that must be addressed with respect to the connection between disparate networks | All network-to-network connections between SPAN/BC and external networks | |
| 5.09 | Wireless Local Area Network Security Standard | Specifies the configuration parameters required for establishing a Secure Wireless Local Area Network | Facilities that provide wireless access to provincial network infrastructure |
Note: Standard was moved to the IMIT 6.28 Network and Communications Security Standard |
| 5.10 | Critical Systems Standard |
Provided system management requirements for critical systems |
Any system deemed critical |
6. IT Security
Contact InfoSecAdvisoryServices@gov.bc.ca for assistance.
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 6.10 | Cryptographic Security Standard |
Under Review Provides minimum requirements for the cryptographic means used to protect information in transit, in storage and in process |
IT assets handling sensitive information Is applied based on the results of an STRA |
Available on request |
| 6.11 | Security Threat and Risk Assessment Standard |
Defines requirements for a STRA of a government information system |
Government information systems | |
| 6.13 | Network Security Zone Standard | Describes important information pertaining to the segmentation of the Province’s network for organization deploying application on that infrastructure | IT assets deployed on the Province’s network infrastructure |
Available on request |
| 6.14 | Application and Web Security Standard | Describes the mandatory security practices for the development, deployment and/or maintenance of network facing applications | IT assets deployed on the Province’s network infrastructure | |
| 6.15 | Mobile Device Management Security Standard |
Standards for the protection of information on mobile devices |
Any mobile device used to access, process or store BC Government information | |
| 6.16 | Database Security Standard | Standard for the protection of databases | All databases | |
| 6.19 | Information Security Standard |
This standard provides a structured approach to identifying the broad spectrum of information security activities in the life-cycle of information systems |
Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.23 | Asset Management Security Standard |
This standard provides a structured approach to identifying Asset Management related information security activities |
Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.24 | Access Control Security Standard | This standard provides a structured approach to identifying Access Control related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 6.26 | Physical and Environmental Security Standard | This standard provides a structured approach to identifying Physical and Environmental Security related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 6.27 | Operations Security Standard | This standard provides a structured approach to identifying Operations Security related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.28 | Network and Communications Security Standard | This standard provides a structured approach to identifying Communications Security related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.29 | System Acquisition, Development and Maintenance Security Standard | This standard provides a structured approach to identifying System Acquisition Development and Maintenance related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.30 | Supplier Relationships Security Standard | This standard provides a structured approach to identifying Supplier Relationships and Cloud Computing related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
| 6.31 | Cybersecurity Incident Management Standard | This standard provides a structured approach to identifying Information Security Incident Management related information security activities |
Applies to all government organizations (ministries, public agencies, boards and commissions) who are subject to Information Security Policy, Core Policy and Procedures Manual and legislation Applies to all contracted service providers conducting business on behalf of the B.C. government (or the contracted service providers must demonstrate compliance with ISO 27002:2022) |
|
| 6.32 | Information Security Aspects of Business Continuity Management Security Standard | This standard provides a structured approach to identifying Information Security Aspects of Business Continuity Management related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | Standard |
| 6.33 | Compliance Security Standard | This standard provides a structured approach to identifying Compliance related information security activities | Applies to all of core government and to all contracted service providers conducting business on behalf of government | |
|
6.34 |
Vulnerability Management Scanning Standard | This standard establishes a common understanding of the roles and responsibilities for vulnerability scanning. The intent is to manage security risks associated with known vulnerabilities | This standard applies to all government organizations (ministries, agencies, boards and commissions) that use government information technology services |
7. CIRMO
| # | Standard | Description | Applies to | Detail |
|---|---|---|---|---|
| 6.18 | Information Security Classification Standard |
Specifies a common standard for security classification of government information (as defined under the Information Management Act) |
Applies to all of core government and to all contracted service providers conducting business on behalf of government |