Each policy document references the corresponding ISO domain to which it aligns. Further, we have referenced the corresponding National Institute of Standards and Technology (NIST) framework as well.
Additional information and resources regarding information security including reporting incidents, protection from spam and phishing, information/data classification, security assessments, and related documentation can be found on the
IT Security Services Taskroom page.
Overarching Policy
The purpose of this policy is to provide a framework to manage information security for all Government of Saskatchewan (GoS) information systems (including but not limited to all computers, mobile devices, networking equipment, software and data) and information users.
Policies
This policy establishes a framework to initiate and control the implementation and operation of information security within the Government of Saskatchewan.
This policy is to identify and safeguard government information assets in accordance with their sensitivity and value.
This policy is to ensure proper and effective use of logical and physical access controls to safeguard access to GoS networks, application, and information.
This policy is to ensure proper and effective use of cryptography to protect the confidentiality and integrity of government information.
This policy is to prevent unauthorized physical access, loss, damage, theft, compromise or interference to the government’s information, assets, and operations.
This policy is to ensure correct and secure operations of information systems.
This policy is to ensure the protection of information in networks and its supporting information processing facilities, and to maintain the security of information transferred within an organization and with any external entity.
This policy is to ensure that security is an integral part of information systems across their entire lifecycle.
This policy is to ensure protection of government information assets that are accessible by suppliers and to maintain an agreed level of information security in line with supplier agreements.
This policy is to ensure a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses.
This policy is to embed information security continuity in the government’s business continuity management systems and to ensure availability of the government’s information systems.
This policy is to ensure compliance with all relevant legal, statutory, regulatory, and contractual information security obligations and requirements.
Acceptable Use
The Government of Saskatchewan requires that GoS Assets be used in a
responsible way, ethically, and in compliance with all legislation and other
government policies and contracts. This policy does not attempt to anticipate
every situation that may arise and does not relieve anyone accessing the system
of their obligation to use common sense and good judgment.