Each policy document references the corresponding ISO domain to which it aligns. Further, we have referenced the corresponding National Institute of Standards and Technology (NIST) framework as well.
The purpose of this policy is to provide a framework to manage information security for all Government of Saskatchewan (GoS) information systems (including but not limited to all computers, mobile devices, networking equipment, software and data) and information users.
This policy is designed to establish acceptable and appropriate use of tools within the Government of Saskatchewan with a focus on Information Security. This includes stipulating constraints and practices to which all employees and contractors must agree.
This policy establishes a framework to initiate and control the implementation and operation of information security within the Government of Saskatchewan.
This policy is to ensure employees and contractors are aware of and fulfill their information security responsibilities prior to, during, and at termination or change in employment.
This policy is to identify and safeguard government information assets in accordance with their sensitivity and value.
This policy is to ensure proper and effective use of logical and physical access controls to safeguard access to GoS networks, application, and information.
This policy is to ensure proper and effective use of cryptography to protect the confidentiality and integrity of government information.
This policy is to prevent unauthorized physical access, loss, damage, theft, compromise or interference to the government’s information, assets, and operations.
This policy is to ensure correct and secure operations of information systems.
This policy is to ensure the protection of information in networks and its supporting information processing facilities, and to maintain the security of information transferred within an organization and with any external entity.
This policy is to ensure that security is an integral part of information systems across their entire lifecycle.
This policy is to ensure protection of government information assets that are accessible by suppliers and to maintain an agreed level of information security in line with supplier agreements.
This policy is to ensure a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses.
This policy is to embed information security continuity in the government’s business continuity management systems and to ensure availability of the government’s information systems.
This policy is to ensure compliance with all relevant legal, statutory, regulatory, and contractual information security obligations and requirements.