Annex 3: Protective security marking

Protective Security

To improve information security and to comply with legislation, the Authority will adopt the government 
protective marking system as used across other public and private sector organisations on all 
documents. 

The Protective Markings are a set of security information labels, designed to balance the value of the 
information/subject matter within a document against the potential damage that might occur should the 
information/ subject matter be compromised. 

Some information held by the Authority may be particularly sensitive and therefore needs to be given a 
special level of protection in order to:

  • Protect information related to certain aspects of a Fire & Rescue Service’s operational capability
  • Meet legal, moral or political obligations
  • Protect the interests of the organisation 
  • Protect the security of national assets
  • Ensure commercial interests, the economy and national influences remain intact
  • Promote good practice by maintaining confidence and trust
  • Comply with the requirements of the Local Government Transparency Code and the Data Protection Act 2018

 

Protective Security Marking

Operational guidance documents

Green open padlock

Following assessment, it is likely that most Fire & Rescue Service’s documents will not require any protective security and may be marked with a GREEN OPEN PADLOCK. Anyone can view the information and it may be published on the web or in paper form (copyright unaffected). Use of this marking makes it clear that the document does not require protection and can be freely distributed.

green padlock with the caption, not protectively marked

 

Red closed padlock

Documents that are deemed to require protective security will be marked with a RED CLOSED PADLOCK. The level of protective security applied will be written in capital letters and the “Vulnerability Descriptor” classification will be included below in normal sentence case.

red padlock with the caption, official - sensitive

The document or file contains information that must be handled with a higher level of security and care and must not be forwarded without the permission of the originator. This should be used for internal and inter-agency communications containing:

a. An employee’s sensitive or confidential information, for instance relating to their employment, pay, pension, health or wellbeing, ethnicity, sexual orientation, union membership.

b. A customer’s personal, sensitive or confidential information, for instance relating to their health, social care or case management.

c. Information that may be politically or commercially sensitive.

d. Personal or sensitive information sent to other public services.

 

Non-Operational Documents and Existing Documents that are not Security Marked

The majority of the existing documents produced by the Authority, including the vast majority of legacy documents, will not have any physical protective security marking. The Authority’s Publication and Retention Scheme will specify by type those documents which are declassified, and therefore by routine will be made available in the public domain. An example would be papers, minutes and agendas published for meeting of Kent and Medway Fire and Rescue Authority. 

 

Levels of Protective Marking

There are currently 3 levels of national security markings:

  1. TOP SECRET
  2. SECRET
  3. OFFICIAL

The higher the level of protective marking applied, the greater the potential damage that is likely to occur if the information/subject matter is compromised. TOP SECRET is the highest level of protective security on any document, with different levels of protection and security clearance applied to each level.

 

The Three Protective Marking Levels Explained

OFFICIAL

This classification includes the majority of information developed and processed every day by emergency responders. Personnel must be aware that unless otherwise stated, information handled by staff requires a minimum of baseline security. The information covered by the OFFICIAL classification is not deemed to present any heightened threat but may be damaging if in the wrong hands.

Whilst Fire & Rescue Services are introducing networks with recognised enhanced security credentials, the current organisational policy tolerates the electronic transition of OFFICIAL information, provided that the individual has assessed the security risks and deem the action to present no significant security risk. 

Such documents may be made available via a freedom of information act request, as set out in the Publication and Retention Scheme. 

 

OFFICIAL – SENSITIVE

This classification highlights that the information may be regarded as having damaging consequences if it were lost, stolen, misused or published in the media. 

Information under OFFICIAL- SENSITIVE should only be accessed via a secure website. These documents can be sent internally by email, but externally they must be encrypted or sent between secure email accounts i.e. email accounts with the suffixes: .gsi.gov.uk or .pnn.

Such documents may be made available via a freedom of information act request, as set out in the Publication and Retention Scheme. 

 

SECRET

This indicates that the information contained within has the possibility of damaging the relationships that the United Kingdom has with friendly countries.

Disclosure of information may also lead to the loss of life, seriously have an impact on public order or have an impact on an individual’s security or their liberty.

These documents may also contain information that would have an impact on the operational activities of United Kingdom or allied forces. They will have strict controls placed upon them and will therefore not be easily accessible. 

For the majority of Fire & Rescue Service personnel it is very unlikely that they will have any need to access SECRET documents.

The Authority will never create documentation at this level of security. If it holds any, they will be for a limited time with additional security arrangements put in place. They will not be released under the Freedom of Information Act as a record, although the Authority may confirm its existence. 

 

TOP SECRET

The TOP SECRET classification is the highest level of security placed on documentation. This level 
requires personnel to have a Developed Vetting security clearance in order to have regular uncontrolled 
access to this type of information.

TOP SECRET documents cover issues relating to direct threats to life, the stability of the UK government 
and its ability to carry out its business with other nations. 

It is highly unlikely the Authority will ever have any documentation of this kind in its possession. 

 

Public Access to Documents OFFICIAL and Above

Documents classified as OFFICIAL and above must not be made publicly available. These documents should only be accessed and viewed by people with a legitimate reason to view the information, or by making a freedom of information act request. 

Protectively Marked documents must never be left unattended and should be stored in a method relevant to the level of protective security applied. This includes paper based records. 

 

Ensuring that Protective Marking is not over used 

The majority of information published by a Fire & Rescue Service will not require any increased level of security restriction or clearance, and therefore will not have to be protectively marked. 

Personnel should consider any information relating to fire and rescue activities is not to be readily disclosed to organisations or individuals outside the fire service without prior permission by the Information Officer. 

It is important to understand that the action of applying protective marking to information will automatically place restrictions on accessing and storing the information. 

Protective marking of the information should only be considered where a specific vulnerability relating to the information/subject has been identified. Protectively marking OFFICIAL – SENSITIVE and above 
should be regarded as the exception rather than the norm.

 

Management of Protectively Marked Information

Initially it is the responsibility of a document author to apply any protective marking to the subject matter regardless of if the document is created in hard copy or electronically. All documents will be disposed or archived in accordance with the Authority’s Publication and Retention Scheme.

In general, the access, authorisation and management of protectively marked information within the “OFFICIAL” and “OFFICIAL – SENSITIVE” classifications, will be the responsibility of the department or section publishing the document. This will also apply to documents with the security status “NOT PROTECTIVELY MARKED”. 

Files and documents classified as OFFICIAL - SENSITIVE may be sent to internal users and email addresses provided appropriate handling procedures are followed. They should not however be sent to any external individual or organisation by email or any other means without explicit authorisation and the use of an approved secure method (e.g. secure email, Government Connect Secure Extranet etc.). Seek advice from your line manager if you are unsure.

The access and management of all “SECRET” and “TOP SECRET” documentation will be controlled and 
managed centrally by the Information Officer.
 

Loading...