Find an IM/IT Standard

Here you can find the current version of each IM/IT Standard as well as other, related, standards. These apply to all ministries and provincial agencies.

Gaps in numbering is because some become obsolete or been moved. More detail can be found in the detail column or contact us.

1.   Appropriate Use

Please see IM/IT Guideline, Specification or Policy

2.  Software Development

Please see IM/IT Guideline, Specification or Policy

3.  Information Management

# Standard Description Applies to Detail
3.01

Data Administration

Provides minimum criteria for data management General information management  Standard
3.03 Mailing & Delivery Address Data Standards for addresses are useful for the collection and exchange of mailing, delivery and residential address information The collection, presentation and exchange of citizen and business address information  Standard
3.04 Physical Address & Geocoding Geocoding is the process of determining the geographic position (coordinates) of a location from it’s physical address During the development of  the conceptual models of information systems that handle geocoding information Outline
3.05 Date & Time Consistent date and time standards mitigate risk, enable information sharing and interoperability and improve efficiencies between IM/IT systems Computer-generated display date and time formats, with the exception of Provincial correspondence  Outline
3.06 Document & Records Mgmt Enterprise Document and Records Management Systems (EDRMS) are integrated software solutions used for managing documents and records from creation to disposition Physical and electronic records management

 Outline

 Memo

3.07 Aboriginal Administrative Data Government should be consistent in the way Aboriginal citizens are identified The delivery of services and programs designed to improve the socio-economic outcomes for Aboriginal persons

 Under Review

3.09 Open Data—Physical Dataset Open Dataset are files that contain machine-processable information that is accessible by the public When publishing open datasets  Outline
3.10 Digitizing Government Information This standard provides a defensible approach to transforming government information from physical to digital formats Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
3.11 Core Administrative and Descriptive Metadata Guidelines The standard specifies nine core metadata elements that should be adapted and incorporated into metadata that is currently in use in systems that manage digital government information. Applies to  Ministries, agencies, boards, and commissions that are subject to the Core Policy and Procedures Manual should apply the Standard to digital government information

Standard

See Guideline 3.11

 

4.  Identity Management

# Standard Description Applies to Detail
4.02 BCeID BCeID provides an electronic identity that makes it possible for citizens to access government services using a single identifier and password Information systems with requirements for authenticated identity information

 Outline

 Memo

4.04 Identity Assurance Provides a framework for establishing trust and confidence between parties issuing and receiving identity claims Business processes and information systems with requirements for identity assurance  Outline
4.05 Evidence of Identity Re-introduces the Identification Levels set out in the Identity Assurance Standard and sets evidence of identity, registration and operational diligence standards for establishing an individual’s identity Business processes and information systems with requirements for identity assurance  Outline
4.06 Electronic Credential & Authentication

Specifies the requirements for issuing, managing and authenticating electronic credentials to differing levels of strength.

Supports the Identity Assurance Standard
Business processes and information systems with requirements for identity assurance  Outline
4.08 Claims Information

Under Review

Explains how to define and use claims, and provides definitions for the core set of claims related to the Identity Information Reference Model
Business processes and information systems with requirements for identity assurance  Outline
4.09 Claims Technology

Under Review

Sets the standards and profiles related to several open standard protocol specifications. Also describes standards for security controls and logon user experience to promote secure and usable implementations
Information systems with requirements for identity assurance  Outline
4.10 Identity Information Reference Model

Under Review

This document introduces an Identity Information Reference Model that describes the key identity-related elements that are common in identification processes across government and illustrates how those elements can be used in different contexts such as professional, business, or employment
Business processes and information systems with requirements for identity assurance  Standard
4.11 Identity Information Management Architecture Summary

Under Review

This document provides a summary overview of the base architecture for the BC Provincial Identity Information Management System (IDIM)

System integrators and other IT service providers in the preparation of responses to Request For Proposal opportunities

 Standard

 

5.  IT Management

  Standard Description Applies to Detail
5.08 Network to Network Connectivity (3PG) Defines the connectivity requirements that must be addressed with respect to the connection between disparate networks All network-to-network connections between SPAN/BC and external networks

Outline

 Memo

Standard

See Specification 5.08

5.09 Wireless Local Area Network Security Specifies the configuration parameters required for establishing a Secure Wireless Local Area Network Facilities that provide wireless access to provincial network infrastructure

 Outline
 

Standard

5.10 Critical Systems

Provided system management requirements for critical systems

Any system deemed critical

Standard

See Guideline 5.11


 

6.  IT Security

(for assistance: InfoSecAdvisoryServices@gov.bc.ca)

# Standard Description Applies to Detail
6.06

IT Asset Disposal

IT assets should be disposed of securely in order to protect any sensitive data that may reside on them All IT assets proposed for disposal  Process
6.10 Cryptographic

Under Review

Provides minimum requirements for the cryptographic means used to protect information in transit, in storage and in process

IT assets handling sensitive information

Is applied based on the results of an STRA
 Standard
6.11 Security Threat and Risk Assessment

Defines requirements for a Security Threat and Risk Assessment (STRA) of a government information system

Government information systems

Standard

See Guideline 6.11

6.12 Physical Security Provides minimum standards for the design, development and construction of telecommunications equipment rooms Facilities housing Ethernet switches, routers and government owned telecommunications assets  Standard
6.13 Network Security Zone Describes important information pertaining to the segmentation of the Province’s network for organization deploying application on that infrastructure IT assets deployed on the Province’s network infrastructure

Available by request

6.14 Application & Web Development & Deployment Describes the mandatory security practices for the development, deployment and/or maintenance of network facing applications IT assets deployed on the Province’s network infrastructure  Standard
6.15 Mobile Device Security

Standards for the protection of information on mobile devices

Any mobile device used to access, process or store BC Government information

Standard

See Guideline 6.15

6.16 Database Security Standard for Information Protection (DSSIP) Standard for the protection of databases All databases

Standard

FAQs

6.18 Information Security Classification

Specifies a common standard for security classification of government information (as defined under the Information Management Act)

Applies to all of core government and to all contracted service providers conducting business on behalf of government

Standard

See Guideline 6.18

6.19 Information Security

This standard provides a structured approach to identifying the broad spectrum of information security activities in the life-cycle of information systems

Applies to all of core government and to all contracted service providers conducting business on behalf of government

Standard

See Guideline 6.19

6.23 Asset Management Security

This standard provides a structured approach to identifying Asset Management related information security activities

Applies to all of core government and to all contracted service providers conducting business on behalf of government

Standard

See Guideline 6.23

6.24 Access Control Security This standard provides a structured approach to identifying Access Control related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.26 Physical and Environmental Security This standard provides a structured approach to identifying Physical and Environmental Security related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.27 Operations Security This standard provides a structured approach to identifying Operations Security  related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.28 Communications Security This standard provides a structured approach to identifying Communications Security  related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.29 System Acquisition Development and Maintenance Security This standard provides a structured approach to identifying System Acquisition Development and Maintenance related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.30 Supplier Relationships and Cloud Computing Security This standard provides a structured approach to identifying Supplier Relationships and Cloud Computing related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.31 Information Security Incident Management Security This standard provides a structured approach to identifying Information Security Incident Management related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.32 Information Security  Aspects of Business Continuity Management Security This standard provides a structured approach to identifying Information Security  Aspects of Business Continuity Management  related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government Standard
6.33 Compliance Security This standard provides a structured approach to identifying Compliance related information security activities Applies to all of core government and to all contracted service providers conducting business on behalf of government

Standard

6.34 Vulnerability Management Scanning This standard establishes a common understanding of the roles and responsibilities for vulnerability scanning. The intent is to manage security risks associated with known vulnerabilities This standard applies to all government organizations (ministries, agencies, boards and commissions) that use government information technology services

Standard


Guideline