Information Security Policy

Last updated on August 29, 2025

The Government of British Columbia is committed to providing services to citizens that are efficient and secure. Through the adoption of new technologies, the government seeks to provide improved services while maintaining the security of government information assets. Each ministry has a Ministry Information Security Officer who can answer general questions on protecting information specific to their ministry.

About Information Security Policy

The Information Security Policy (PDF) provides cybersecurity requirements for all public service employees and organizations involved in and accountable for managing government information and technology assets.

The latest update includes a change in the format and presentation of the content to improve flow and readability.

Why this policy is important

The Information Security Policy (PDF) supports the requirements for information protection in the Freedom of Information and Protection of Privacy Act and the Information Management Act and is supplemental to Chapter 12 of the Core Policy and Procedures Manual. It provides the foundation for the information security governance program, which includes standards, procedures, training and awareness material, all of which are used to protect government information and information systems.

The ISP serves as a baseline to establish local policies and procedures necessary for the protection of the information and technology assets for the Province of British Columbia. All government employees need to understand and follow this and their ministry specific information security policies to fulfill their information protection responsibilities effectively.

The Office of the Chief Information Officer (OCIO) is responsible for developing, communicating, and implementing the Information Security Policy (PDF) across government. However, each ministry determines how to apply the policy to their business operations.

Policy requirements

The policy outlines the requirements for reducing the information security risks and minimizing the potential for information breaches, including:

Information technology (IT) asset management
Access to information systems and devices
Physical and environmental security
Network and communications security
Operations security
Encryption
Information system procurement, development, and maintenance
Supply chain risk management
Information Incident Management
Business Continuity Management
Assurance and Compliance

All employees need to be aware of their responsibilities to safeguard government information. Employees and partners who need access to more specific details, including technical security control details, can find them in the respective IM/IT security standards.

Resources

Core Policy and Procedures Manual

Appropriate Use Policy

Information Incident Management Policy

Managing Government Information Policy

IM/IT Standards

Contact us

For questions, feedback or support related to the Information Security Policy, please contact us.

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics