Information Incident Management Process

Transcription

1 September 2011 Infrmatin Incident Management Prcess Office f the Gvernment Chief Infrmatin Officer Ministry f Citizens Services and Open Gvernment

2 Table f Cntents Plicy Overview... 3 Objectives... 3 Scpe... 3 Supprting Dcuments:... 4 Sectin 1: Infrmatin Incidents... 5 Sectin 2: Appendices Ministry f Citizens Services and Open Gvernment Page 2

3 Infrmatin Incident Management Prcess Plicy Overview This plicy was develped t prvide plicy directin t guide emplyees and business wners (including supervisrs and cntract service prviders) in respnding t incidents that threaten infrmatin privacy r security. Plicy directin is ffered thrugh the fllwing sectins: Sectin 1 Infrmatin Incidents Sectin 2 Appendices A. Key Definitins B. Prcess Flw Chart C. Infrmatin Management/Infrmatin Technlgy (IM/IT) Guiding Principles Fr questins r cmments regarding this plicy and ther Infrmatin Management/Infrmatin Technlgy plicy, please cntact: Infrmatin Security Branch Office f the Gvernment Chief Infrmatin Officer Ministry f Citizens Services Telephne: Objectives The bjectives f this plicy are t: 1. Prvide a plicy framewrk fr respnding t infrmatin incidents in accrdance with legislative and plicy requirements; 2. Cnslidate plicy by functin (infrmatin incident management) rather than by business area (security, privacy, recrds management, etc.); 3. Assist emplyees and business wners (including supervisrs and service prviders) in understanding their respnsibilities in addressing infrmatin incidents. Scpe This plicy applies t emplyees and business wners (including supervisrs and cntract service prviders) r any persn handling infrmatin managed (e.g., cllected, accessed,used, shared, stred, disclsed, dispsed f, r archived) by the gvernment f British Clumbia. Ministry f Citizens Services and Open Gvernment Page 3

4 Supprting Dcuments: The fllwing dcuments and tls supprt the applicatin f this plicy: 1. Freedm f Infrmatin and Prtectin f Privacy Act (FOIPPA) 2. Prcess fr Respnding t Privacy Breaches 3. Infrmatin Security Plicy 4. General Incident and Lss Reprt (GILR) 5. Infrmatin Incident Checklist 6. Easy Guide fr Infrmatin Incidents Ministry f Citizens Services and Open Gvernment Page 4

5 Sectin 1: Infrmatin Incidents This sectin defines the steps that must ccur in respnse t an infrmatin incident, including the rles and respnsibilities f the stakehlders. An infrmatin incident is a single r a series f unwanted r unexpected events that threaten privacy r infrmatin security. Infrmatin incidents include the cllectin, use, disclsure, access, dispsal, r strage f infrmatin, whether accidental r deliberate, that is nt authrized by the business wner f that infrmatin. Infrmatin incidents include privacy breaches, which are a cllectin, use, disclsure, access, dispsal, r strage f persnal infrmatin, whether accidental r deliberate, that is nt authrized by the Freedm f Infrmatin and Prtectin f Privacy Act (see Appendix A Key Definitins fr ther terms.) Plicy Prcess 1. The Gvernment Chief Infrmatin Officer is respnsible fr the crdinatin, investigatin, and reslutin f infrmatin incidents. 2. All actual r suspected infrmatin incidents must be reprted immediately t yur supervisr and t the Gvernment Chief Infrmatin Officer using the Infrmatin Incident Management Prcess (belw). 3. The Gvernment Chief Infrmatin Officer is slely respnsible fr liaising with the Office f the Infrmatin and Privacy Cmmissiner regarding an actual r suspected privacy breach. The nly exceptin may ccur under the Whistle Blwer prvisin within Sectin 30.3 f the FOIPP Act which allws fr infrmatin sharing with the Cmmissiner by an emplyee acting in gd faith. 4. Deputy Ministry s will be respnsible fr decisins relating t ntificatins when a decisin must be made t nt ntify individual(s) based n a balance f harms. Event Reprting and Triage Phase 1. Any emplyee, service prvider r ther persn wh discvers a suspected r actual infrmatin incident (including privacy breaches) must immediately reprt it t their supervisr r designated management cntact (if ne has been appinted). 2. The supervisr r management cntact, must als immediately reprt the infrmatin incident t the Office f the Gvernment Chief Infrmatin Officer by: a. Calling the Shared Services BC Service Desk at r tll-free at (available 24 hurs a day); and b. Selecting Optin 3 and stating they require an Infrmatin Incident Investigatin. Ministry f Citizens Services and Open Gvernment Page 5

6 In circumstances where the supervisr r management cntact is nt immediately available (in persn r by phne), the emplyee, service prvider r ther persn must immediately reprt the infrmatin incident as indicated abve. The service desk will take cntact infrmatin and create a ticket fr the incident reprt. The ticket will be delivered t the Gvernment Chief Infrmatin Officer s Investigatins Unit, the Chief Infrmatin Security Officer, and the Privacy Investigatins Unit. 3. Whever reprted the incident t in step 2 abve must als reprt it t their Ministry Chief Infrmatin Officer. Where apprpriate, the Ministry Chief Infrmatin Officer als ntifies the ministry executive (deputy minister / assistant deputy minister). The business wner r emplyee reprts the infrmatin incident t the Risk Management Branch thrugh a General Incident Lss Reprt (GILR) within 24 hurs f its discvery. 4. The Investigatins Unit cntacts the infrmatin incident reprter t: Assess and dcument the infrmatin incident including, if applicable, the nature, sensitivity, vlume, impact and type f incident (physical and/r infrmatin); Assist with reslving the incident and cntaining the infrmatin incident (if applicable) if it is still nging; and Prvide the infrmatin incident reprter with instructins explaining the incident respnse prcess and pririties (e.g., cntain the lss, prevent a recurrence, and determine next steps). 5. The Investigatins Unit reprts t the Standing Respnse Team. The Standing Respnse Team assesses the incident, assigns the Incident Lead wh establishes the Incident Actin Team that includes the business wner and, depending n the nature f the infrmatin incident, may include the Ministry Infrmatin Security Officer, and delegates frm the BC Public Service Agency. The Incident Actin Team als decides if additinal infrmatin shuld be gathered t determine the respnse strategy and t define wrk assignments accrding t relevant factrs, including: Type f infrmatin incident (physical and/r infrmatin); Nature and sensitivity f the incident; Vlume; and Impact and implicatins f unauthrized disclsure r asset lss. 6. The Incident Lead determines whether the infrmatin incident is majr r minr, based n relevant factrs that include: The incident invlves multiple ministries; Ministry f Citizens Services and Open Gvernment Page 6

7 The incident invlves persnal r sensitive infrmatin; Whether there is, r culd have been, a reasnable expectatin f harm t any individuals as a result f the incident; Whether individuals will be, r have been, ntified that their persnal infrmatin was breached; Whether the incident will be, r has been, reprted t the independent ffices f the Legislative Assembly, including the Office f the Infrmatin and Privacy Cmmissiner and the Office f the Auditr General; r Whether the incident has a serius r ptentially serius public impact. a) Minr infrmatin incidents: The Incident Lead will be the main pint f cntact fr the breach. The Incident Lead will refer all minr infrmatin incidents t the Ministry Chief Infrmatin Officer fr fllw-up and reslutin in cllabratin with the business wner. If the minr incident is a privacy breach, the Privacy Investigatins Unit in the Infrmatin Security Branch gives peratinal supprt and assistance as needed. If the minr breach is nt a privacy breach, the Investigatin Unit in the Infrmatin Security Branch gives peratinal supprt and assistance as needed. When requested by the Office f the Chief Infrmatin Officer, the business wner prvides a final reprt t the Ministry Chief Infrmatin Officer, the Chief Infrmatin Security Officer, and the Incident Lead. The Chief Infrmatin Security Officer r the Incident Lead will prvide peridic updates t the Gvernment Chief Infrmatin Officer as apprpriate and as needed. b) Majr infrmatin incidents: The Incident Lead crdinates an incident management and investigatin prcess in rder t cnduct an assessment and gather evidence (see Appendix B fr the prcess flw). Status reprts are sent t the Chief Infrmatin Security Officer and/the Directr, Privacy Investigatins Unit (fr incidents invlving persnal infrmatin), wh prvide peridic updates t the Gvernment Chief Infrmatin Officer as apprpriate and as needed. Nte: Privacy breaches are reslved in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. 7. Executive Ntificatins: The Chief Infrmatin Security Officer r (fr privacy breaches) Directr f the Privacy Investigatins Unit infrms the Gvernment Chief Infrmatin Officer, Ministry Chief Infrmatin Officer, Gvernment Cmmunicatins and Public Engagement, and ther Standing Respnse Team members. The Gvernment Chief Infrmatin Officer infrms the Deputy Minister f Citizens Services, wh will infrm the Minister f Citizens Services where apprpriate. Ministry f Citizens Services and Open Gvernment Page 7

8 The Ministry Chief Infrmatin Officer infrms that ministry s executive, including its deputy minister. An executive steering grup may be created t crdinate gvernment cmmunicatins. The Gvernment Chief Infrmatin Officer will liaise with the Infrmatin and Privacy Cmmissiner in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. In situatins requiring the invlvement f law enfrcement, the Incident Lead ntifies the Assistant Deputy Minister, Plice Services Divisin, Ministry f Public Safety and Slicitr General. Where this invlves a public servant, the Incident Lead must als ntify the Public Service Agency. Additinally, when the Public Service Agency becmes aware that a public servant is subject t criminal investigatin, they must: i. Call the Shared Services BC Service Desk at r tll-free at (available 24 hurs a day); and ii. Select Optin 3 and state that they require a Security Investigatin. Investigatin and Reslutin Phase fr Majr Infrmatin Incidents 8. The Incident Lead leads the investigatin and management f the incident. The Privacy Investigatins Unit takes the lead fr privacy breaches; the Investigatins Unit takes the lead fr ther infrmatin incidents. During the investigatin: The Incident Lead will wrk with the affected ministry, s the ministry can ntify affected parties and take ther required actins as apprpriate. Ntificatin fr privacy breaches is in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. The Incident Lead will prvide status reprts t the Chief Infrmatin Security Officer, the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin), the Ministry Chief Infrmatin Officer, and the business wner. The Chief Infrmatin Security Officer r the Directr, Privacy Investigatins Unit (fr incidents invlving persnal infrmatin) will prvide status reprts t the Gvernment Chief Infrmatin Officer. Where necessary, the Gvernment Chief Infrmatin Officer liaises with the respnsible ministry s executive (deputy minister / assistant deputy minister) and the Office f the Infrmatin and Privacy Cmmissiner. 9. Ntificatin f Affected Individuals The impact f privacy breaches must be reviewed t determine if it is apprpriate t ntify individuals whse persnal infrmatin has been affected by the breach. The Incident Lead will wrk with the affected ministry, s the ministry can ntify affected parties and take ther required actins as apprpriate. Ntificatin fr privacy breaches is in accrdance with gvernment s Prcess fr Respnding t Privacy Breaches. Ministry f Citizens Services and Open Gvernment Page 8

9 The key cnsideratin in deciding whether t ntify an affected individual is whether it is necessary t avid r mitigate harm t an individual, such as: A risk f identity theft r fraud A risk f physical harm A risk f hurt, humiliatin r damage t reputatin r A risk t business r emplyment pprtunities. Other cnsideratins in determining whether t ntify individuals include: Legislative requirements fr ntificatin; Cntractual bligatins requiring ntificatin; A risk f lss f cnfidence in the public bdy and/r gd custmer/client relatins dictates that ntificatin is apprpriate. Cmpliance Ntificatin is determined based n the balance f harms. Under this principle, an individual(s) wh culd ptentially face harm as a result f an infrmatin incident may nt be ntified if it is determined that the harm that wuld result frm cnducting ntificatin wuld utweigh the benefit t be gained frm the ntificatin. Imprtant: Where an infrmatin incident invlves the ptential fr significant harm t an individual(s), the decisin t nt ntify individual(s) is based n the balance f harms and must be apprved by the Deputy Minister f the respnsible ministry. If it is determined that ntificatin f individuals is apprpriate: Ntificatin shuld ccur as sn as pssible fllwing the breach and Affected individuals shuld be ntified directly, whenever pssible. 10. When clsing an infrmatin incident file, the Incident Lead ntifies the Chief Infrmatin Security Officer, the Directr, Privacy Investigatins Unit (fr incidents invlving persnal infrmatin), the Ministry Chief Infrmatin Officer, and the business wner. In sme cases the Incident Lead writes a final reprt, including recmmendatins, and submits it t required stakehlders. There are tw types f recmmendatins included in final reprts: mandatry recmmendatins (directives), which must be implemented; and advisry recmmendatins, which the ministry decides whether t implement (the Ministry Chief Infrmatin Officer infrms the Office f the Gvernment Chief Infrmatin Officer f the decisin). 11. Gvernment, the ministry, r the business wner is, as applicable, respnsible fr implementing the final reprt s mandatry recmmendatins and reprting their status and results t the Ministry Chief Infrmatin Officer, Chief Infrmatin Security Officer and Ministry f Citizens Services and Open Gvernment Page 9

10 the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin). 12. The Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin) review the reprt and, if necessary, frward implementatin results t the Gvernment Chief Infrmatin Officer. 13. The Chief Infrmatin Security Officer may perfrm cmpliance reviews r may audit the implementatin f the recmmendatins and its effectiveness. The CISO reprts the review r audit results t Gvernment Chief Infrmatin Officer. (Fr privacy issues, the Directr f the Privacy Investigatins Unit will als participate in the audit/review prcess). Respnsibilities Emplyee Supervisr In the case f the actual r suspected incident, the emplyee s respnsibilities are t: Reprt the infrmatin incident immediately t their supervisr, the Gvernment Chief Infrmatin Officer (by calling the Shared Services BC Service Desk at r tll-free at and selecting Optin 3), and the Ministry Chief Infrmatin Officer. Recver the cnfidential r persnal infrmatin if pssible, r therwise cntain the incident t lessen the impacts and implicatins fr gvernment and individuals. (Nte: If the incident invlves infrmatin technlgy, seek the directin f the Investigatins Unit befre taking any cntainment steps). Remediate the infrmatin incident by wrking cllabratively with the Investigatin Unit, Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff r thers t determine the specifics f the incident and reslve it. Prevent infrmatin incidents by being diligent in the handling f cnfidential r persnal infrmatin, and being an active participant in develping the culture f prudent infrmatin management. In the case f the actual r suspected incident supervisr s respnsibilities are t: Reprt receive the reprt abut the infrmatin incident frm the emplyee and prvide directin n assessing the incident and ensuring it is reprted centrally (t the Office f the Gvernment Chief Infrmatin Officer by calling the Shared Services BC Service Desk at r tll-free at and selecting Optin 3) and lcally (ntifying senir managers, the Ministry Chief Infrmatin Officer) within the wrkplace. Recver determine if the cnfidential r persnal infrmatin can be recvered, r if the lss/disclsure can therwise be cntained. (Nte: If the incident invlves infrmatin technlgy, seek the directin f the Investigatins Unit befre taking any cntainment steps). Ministry f Citizens Services and Open Gvernment Page 10

11 Remediate wrk cllabratively with the Business Owner, the Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff, r thers t determine the specifics f the infrmatin incident and t implement the steps needed t reslve it. Prevent infrmatin incidents by Implementing recmmendatins frm the Incident Reprt and ensuring that emplyees knw and understand hw t apply changes in the handling f cnfidential r persnal infrmatin. Participating in the develpment f a culture fr the prudent management f infrmatin, including by prviding training. Ensuring emplyees understand their respnsibility in reprting all actual and suspected infrmatin incidents, including cntaining the lss and/r recvering the infrmatin. Business Owner and Cntract Manager In the case f the actual r suspected infrmatin incident, the business wner s and gvernment Cntract Managers respnsibilities are t: Reprt ensure the infrmatin incident is reprted immediately t the Office f the Gvernment Chief Infrmatin Officer (by calling the Shared Services BC Service Desk at r tll-free at and selecting Optin 3), senir managers, and the Ministry Chief Infrmatin Officer. Recver the cnfidential r persnal infrmatin if pssible, r therwise cntain the incident t lessen the impacts and implicatins fr gvernment and individuals. (Nte: If the incident invlves infrmatin technlgy, seek the directin f the Investigatins Unit befre taking any cntainment steps). Remediate the infrmatin incident: As incident wner and as apprpriate as gvernment cntract manager n behalf f a cntracted service prvider By wrking cllabratively with the Investigatin Unit By supprting the investigatin and the Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff, r thers t determine the specifics f the infrmatin incident and reslve it By ntifying individuals r parties affected by the incident, where directed Prevent infrmatin incidents by: Ensuring that emplyees knw and understand hw t apply changes in the handling f cnfidential r persnal infrmatin. Being diligent in the handling f cnfidential r persnal infrmatin. Implementing recmmendatins frm the Infrmatin Incident Reprt Prcess and reprting the results the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit, Infrmatin Security Branch. Develping a culture fr the prudent management f infrmatin, including by prviding training. Ensuring emplyees understand their respnsibility in reprting infrmatin incidents, including cntaining the lss and/r recvering the infrmatin. Ensuring Cntractrs and Service Prviders understand their respnsibilities under the Infrmatin Incident Reprt Prcess and wrking with them t ensure timely and accurate reprting. Ministry f Citizens Services and Open Gvernment Page 11

12 Supprting the audit activities f the Office f the Gvernment Chief Infrmatin Officer. Cntractr r Service Prvider In the case f an actual r suspected infrmatin incident, the cntractr s respnsibilities are t: Reprt Cntractrs will ensure that any f their emplyees, service prviders, r ther persns wh discvers a suspected r actual infrmatin incident (including privacy breaches) immediately ntify their supervisr r manager and reprt it t their Gvernment cntract manager. The gvernment cntract manager is then required t immediately reprt the infrmatin incident t the Office f the Gvernment Chief Infrmatin Officer by: Calling the Shared Services BC Service Desk at r tll-free at (available 24 hurs a day); and selecting Optin 3 and stating they are reprting an infrmatin incident. In circumstances where the cntractr s emplyee, service prvider r ther persn is unable t immediately infrm their supervisr r manager, they are required t immediately reprt the infrmatin incident t their Gvernment cntract manager. In circumstances where the emplyee, supervisr r manager is unable t immediately infrm the gvernment cntract manager, they are required t immediately reprt the infrmatin incident as utlined abve by calling the Shared Services BC Service Desk and fllwing up as sn pssible thereafter with the gvernment cntract manager. Recver the cnfidential r persnal infrmatin if pssible, r therwise cntain the incident t lessen the impacts and implicatins fr gvernment and individuals. (Nte: If the incident invlves gvernment infrmatin technlgy, seek the directin f the Cntract Manager t seek the assistance f the Investigatins Unit befre taking any cntainment steps). Remediate the infrmatin incident: With the gvernment Cntract Manager as the incident wner By wrking cllabratively with the Cntract Manager and the Investigatin Unit By supprting the investigatin and the Standing Respnse Team, the Gvernment Chief Infrmatin Officer s staff, r thers t determine the specifics f the infrmatin incident and reslve it By ntifying individuals r parties affected by the incident, where and as directed by the Incident Actin Team and the gvernment cntract manager. Prevent infrmatin incidents by: Ensuring that emplyees knw and understand hw t apply changes in the handling f cnfidential r persnal infrmatin. Being diligent in the handling f cnfidential r persnal infrmatin. Ministry f Citizens Services and Open Gvernment Page 12

13 Implementing recmmendatins frm the Infrmatin Incident Reprt Prcess and reprting the results the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit, Infrmatin Security Branch. Develping a culture fr the prudent management f infrmatin, including by prviding training. Ensuring emplyees understand their respnsibility in reprting infrmatin incidents, including cntaining the lss and/r recvering the infrmatin. Ministry Chief Infrmatin Officer (MCIO) Ministry pint f cntact fr: receiving reprts abut the management f the incident frm the supervisr, emplyee, r business wner (including service prviders); cmmunicating advice and infrmatin t / frm the Incident Lead and the Standing Respnse Team; and receiving status reprts and the final investigatin reprt frm the Infrmatin Incident Lead, and distributing them as necessary. Fr minr infrmatin incidents, the MCIO is the Incident Lead s main pint f cntact fr fllw-up and reslutin in cllabratin with the business wner. Ensures infrmatin incidents are reprted within 24 hurs t the Risk Management Branch via the General Incident and Lss Reprt. Crdinates infrmatin incident cmmunicatin and updates internally (including with ministry executive). Respnsible within the ministry fr delegatin f rles and respnsibilities under this infrmatin incident prcess. Supprts the infrmatin incident investigatin prcess. Liaises with ther ministry chief infrmatin fficers in multi-ministry incidents. Ensures that the business wner (including service prviders) reprts the result f the infrmatin incident reslutin t the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin). Reviews the infrmatin incident investigatin reprts and cnveys results t the respnsible ministry executives as apprpriate. Assists prgram areas in reviewing and rectifying existing prcedures, where necessary. Ensures that the business wner implements the recmmendatins f the final reprt and reprts the implementatin results t the Chief Infrmatin Security Officer and the Directr f the Privacy Investigatins Unit (fr incidents invlving persnal infrmatin). Ensures that the audit activities f the Office f the Gvernment Chief Infrmatin Officer are supprted by the ministry. Receives, fllws up and reslves minr incidents in cllabratin with the business wner. Ministry Executives (DMs, ADMs) Receives reprts n infrmatin incidents frm Ministry Chief Infrmatin Officer and thers, as applicable. Ensures that details abut the infrmatin incident are cnveyed as necessary t senir levels f gvernment. Supprts the infrmatin incident investigatin. Ensures that the recmmendatins f the final reprt are apprpriately implemented. Ministry f Citizens Services and Open Gvernment Page 13

14 Chief Infrmatin Security Officer (CISO) Member f the Standing Respnse Team. Reprts infrmatin incidents (except privacy breaches) t the Gvernment Chief Infrmatin Officer, where apprpriate. Fllws established prtcls fr criminal ffenses r ther law enfrcement matters. Reviews ministries reprts n hw they reslved infrmatin incidents. Reviews investigatin reprts. Prvides reprts n infrmatin incident investigatins, except fr privacy breaches, t the Gvernment Chief Infrmatin Officer. Reviews reprts n the implementatin f recmmendatins. Initiates audits n the implementatin f recmmendatins, where necessary. Directr f the Privacy Investigatins Unit, Infrmatin Security Branch Member f the Standing Respnse Team. Reprts privacy breaches t the Gvernment Chief Infrmatin Officer, where apprpriate. Reviews ministries reprts n hw they reslved privacy breaches. Prvides reprts n privacy breach investigatins t the Gvernment Chief Infrmatin Officer. Reviews reprts n the implementatin f recmmendatins cncerning privacy breaches. Recmmends audits t the CISO n the implementatin f recmmendatins, where necessary. Participates in audits and reviews, where necessary. Upn the directin f the Gvernment Chief Infrmatin Officer, liaises with the Office f the Infrmatin and Privacy Cmmissiner n privacy breaches. Directr f the Investigatins and Frensics Unit, Infrmatin Security Branch Member f the Standing Respnse Team. Reprts security incidents t the Gvernment Chief Infrmatin Officer, where apprpriate. Reviews ministries reprts n hw they reslved security incidents. Prvides reprts n security investigatins t the Gvernment Chief Infrmatin Officer. Reviews reprts n the implementatin f recmmendatins cncerning security incidents. Recmmends audits t the CISO n the implementatin f recmmendatins, where necessary. Participates in audits and reviews, where necessary. Privacy Investigatins Unit, Infrmatin Security Branch Subject matter experts in privacy breach management. The Incident Actin Lead fr privacy breaches. Prvides privacy breach management advice t business wner and Ministry Chief Infrmatin Officer. Prvides privacy breach investigatin status reprts and final reprt with recmmendatins t the Chief Infrmatin Security Officer and Directr f the Privacy Investigatins Unit, Infrmatin Security Branch. Prvides immediate incident management (including cntainment) advice t the Business wner. Ministry f Citizens Services and Open Gvernment Page 14

15 Prvides privacy expertise. Recmmends t the business wner that the affected peple be ntified f the infrmatin incident. Participates in audits n the implementatin f the recmmendatins, where necessary. Investigatins and Frensics Unit, Infrmatin Security Branch Subject matter experts in nn-privacy breach management and infrmatin incident investigatins. The Incident Actin Lead fr security incidents. Prvides immediate incident management (including cntainment) advice t the Business wner. Fllws established prtcls fr criminal ffenses r ther law enfrcement matters. Prvides nn-privacy breach infrmatin incident investigatin status reprts and the final reprt with recmmendatins t the Chief Infrmatin Security Officer. Prvides nn-privacy breach management advice t business wner and MCIO. Prvides investigatins expertise. Perfrms audits n the implementatin f the recmmendatins, where necessary. Gvernment Chief Infrmatin Officer Respnsible fr the crdinatin, investigatin, and reslutin f all infrmatin incidents, including privacy breaches. Receives and reviews status reprts and, where applicable, final infrmatin incident investigatin reprts and reprts n implementatin f recmmendatins. Ensures that the recmmended cntrls f the final reprt are apprpriately implemented thrugh audits. Reprts infrmatin incidents t the Deputy Minister f Citizens Services. Cntacts respnsible ministry executives t ensure apprpriate cmmunicatin, recmmendatin, and cllabratin, where apprpriate. Liaises with the Office f the Infrmatin and Privacy Cmmissiner n privacy breaches, where apprpriate. Deputy Minister, Ministry f Labur, Citizens Services and Open Gvernment (CITZ DM) Receives infrmatin incident and investigatin reprts, where necessary. Ensures that details abut the incident are cnveyed as necessary t senir levels f gvernment. Ministry f Citizens Services and Open Gvernment Page 15

16 Sectin 2: Appendices A. Key Definitins B. Prcess Flw Chart C. Simplified Flw Chart D. Infrmatin Management/Infrmatin Technlgy (IM/IT) Guiding Principles Ministry f Citizens Services and Open Gvernment Page 16

17 Appendix A Key Definitins Business Owner the peratinal unit (such as a branch r a service prvider) in which the infrmatin incident ccurred. Cntract Manager the persn(s) respnsible fr the versight f a Cntractr r Service Prvider. It shuld be nted that this culd als include gvernment persnnel respnsible fr less frmal infrmatin sharing arrangements. Cntract Service Prvider a persn r rganizatin retained under a cntract t perfrm services fr a public bdy. Incident Actin Team the team pulled tgether t take actin and respnd t the incident. The team includes the Incident Lead and the business wner at a minimum. The team may invlve, depending n the nature f the infrmatin incident, the Ministry Infrmatin Security Officer, and delegates frm the BC Public Service Agency. Incident Lead the OCIO member assigned by the Standing Respnse Team as the investigative lead fr managing the incident. Infrmatin Incident a single r a series f unwanted r unexpected events that threaten infrmatin security r privacy. Persnal Infrmatin - means recrded infrmatin abut an identifiable individual ther than business cntact infrmatin. Persnal infrmatin can be abut gvernment emplyees, gvernment clients r thers and may be held by gvernment r administered by service prviders n behalf f gvernment. Persnal infrmatin includes, but is nt limited t: name, address, telephne number, ; race, natinal/ethnic rigin, clur, religius r plitical beliefs r assciatins; age, sex, sexual rientatin, marital status; identifying number r symbl such as scial insurance number r driver s license number; fingerprints, bld type, DNA prints; health care histry; educatinal, financial, criminal, emplyment histry; anyne else s views r pinins abut an individual and the individual s persnal views r pinins unless they are abut smene else. Privacy Breach a type f infrmatin incident where there is a cllectin f, use f, disclsure f, access t, dispsal f, r strage f persnal infrmatin, whether accidental r deliberate, that is nt authrized by the Freedm f Infrmatin and Prtectin f Privacy Act. Recrd includes bks, dcuments, maps, drawings, phtgraphs, letters, vuchers, papers and any ther thing n which infrmatin is recrded r stred by any means, whether graphic, electrnic, mechanical r therwise. Ministry f Citizens Services and Open Gvernment Page 17

18 Standing Respnse Team cnsists f the Chief Infrmatin Security Officer, the Directrs f the Privacy Investigatins and Investigatins & Frensics Units, Infrmatin Security Branch and delegates frm their ffices. Ministry f Citizens Services and Open Gvernment Page 18

19 Appendix B Prcess Flw Chart

20 Appendix C Simplified Flw Chart Crprate Infrmatin Incident Management Prcess Wrkflw Incident Discvery/Reprting Incident Investigatin/Remediatin/Preventin Gvernment CIO Emplyee Supervisr (ptin 3) Prcess starts here Emplyee reprts directly if n supervisr is immediately available Suspected/ Cnfirmed Infrmatin Incident Runs thrugh triage prcess and assigns Incident Lead Takes caller infrmatin and assigns t Gvernment CIO (Min f Citizens Services) Immediately reprts incident t (ptin 3) Immediately reprts incident t Supervisr IAT always includes Incident Lead (OCIO), prgram area supervisr (r alternate cntact), and MCIO (r MCIO delegate) Incident Lead frms Incident Actin Team As apprpriate, Incident Lead may invlve representatives frm PSA, Legal Services, and/r PSSG depending n the circumstances. Incident Lead als liaises with the OIPC as required. Reprts t Ministry CIO Cmpletes and submits GILR Incident Lead guides IAT and investigative activities Incident Actin Team takes ver, handles all investigative, remediative, and preventative actins Supervisr participates in IAT (r identifies alternate cntact) Emplyee prvides additinal infrmatin and cperates with IAT as required Incident Actin Team: Identifies the steps required t cntain the incident; Gathers additinal infrmatin abut the incident as apprpriate; Assesses ntificatin requirements - whether any individuals affected by an incident need t be ntified Ensures that executives and Ministers are infrmed f incidents, as apprpriate Examines whether any preventin measures are apprpriate t guard against similar incidents frm ccurring in the future Ministry f Citizens Services and Open Gvernment Page 17

21 Appendix D Infrmatin Management/Infrmatin Technlgy (IM/IT) Guiding Principles Infrmatin Management/Infrmatin Technlgy Principles fr Use f Infrmatin Infrmatin Management/Infrmatin Technlgy (IM/IT) Principles utlines the principles that guide gvernment emplyees as they wrk with, handle and manage gvernment infrmatin. Intrductin: The Gvernment f British Clumbia is rich in infrmatin an asset that can help transfrm gvernment services, develp evidence infrmed plicy and prgrams, and achieve better utcmes fr British Clumbians. Applying the fllwing strategies and guiding principles in every day wrk will help gvernment achieve its verall gals and ensure infrmatin is used and managed in a way that recgnizes its value. Guiding Principles Definitin: Infrmatin is data that cnveys meaning. It is created, received, and acquired fr r by the B.C. gvernment and enables the prvisin f services. Infrmatin includes and is nt limited t: persnal data; ppulatin data (ecnmic, cultural and demgraphic data); and prgram and peratinal data (perfrmance measures and data used in plicy and prgram develpment and peratins). Strategies: Infrmatin is an asset that is shared, where apprpriate, t ptimize its value t gvernment and British Clumbians. Infrmatin, as a managed strategic gvernment-wide resurce, is leveraged with the apprpriate plicies, pririty and security, resulting in: Integratin and crdinatin f service delivery f gvernment prgrams and services; Cllabratin, innvatin and transfrmatin f service delivery t better meet the needs f citizens; and Evidence-infrmed decisin-making and prgram and plicy develpment. Right Infrmatin

22 Infrmatin meets the needs f its users, and the quality f infrmatin is apprpriate fr its purpse in terms f accuracy, relevancy, reliability, cnsistency, and cmprehensiveness. Right Persn Infrmatin is available and accessible as apprpriate. Right Purpse Infrmatin is integral t the business f gvernment, and is shared as apprpriate fr pursuing an identified purpse r t supprt achievement f gvernment plicy and/r service gals and business needs. Right Time Infrmatin is available in a timely way, when needed, t supprt business and prgram gals, needs and decisins. Right Way Infrmatin is handled in a way that respects and prtects the privacy f individuals regarding their persnal infrmatin held by gvernment and the cnfidentiality f gvernment and private sectr infrmatin. Ministry f Citizens Services and Open Gvernment Page 18