The WA Government Information Classification Policy takes effect on 24 August 2026, establishing a consistent approach to managing information. The policy provides a common language for agencies to identify risks and apply appropriate security controls to protect, store and share their information assets.
Agencies are expected to embed a consistent, risk‑based approach to information classification and apply suitable security controls across their information handling activities. By embedding these practices, agencies are better positioned to meet their obligations under the Privacy and Responsible Information Sharing Act 2024 (PRIS Act).
The resources on this page support agencies to implement information classification and strengthening capability as part of business‑as‑usual operations.
Please contact data.sharing@dpc.wa.gov.au for further information.
Policy
Show moreThe WA Government Information Classification Policy sets out the mandatory framework for classifying government information. It defines the classification levels to be applied and outlines agency responsibilities for ensuring information is managed in accordance with its sensitivity and value.
The policy mandates three classifications: UNOFFICIAL, OFFICIAL and OFFICIAL Sensitive.
Classifications above OFFICIAL Sensitive are outside the scope of this policy. Agencies handling COMMONWEALTH SECURITY CLASSIFIED information are required to comply with the provisions of the relevant inter-jurisdictional agreement(s) with the Australian Government.
The policy applies across the information lifecycle and supports consistent decision-making when handling and sharing government information.
Supplementary Guide
Show moreThe Information Classification Policy Supplementary Guide supports agencies to apply the WA Government Information Classification Policy consistently in practice.
The Supplementary Guide describes several subclassifications which are optional to use with the Official Sensitive classification.
The Supplementary Guide helps agencies to make well informed decisions about how information is classified and managed, so it can be used to deliver outcomes while maintaining trust and accountability. By establishing a common language and practical approach to assessing sensitivity and applying controls, the guide strengthens information stewardship across government and supports alignment with cyber security, privacy and responsible information sharing obligations.
Progressive Initiatives
Show moreThe Information Classification Policy Progressive Initiatives (the Progressive Initiatives) and the Information Classification Policy Checklist (the Checklist) support agencies to implement the policy in a structured and achievable way.
The Progressive Initiatives showcase best practice and provide a practical view of what effective implementation looks like at different stages of maturity.
The Checklist translates the Progressive Initiatives into a clear and scalable sequence of actions aligned with business risk. Together, they help agencies plan and track their implementation progress.
View the Information Classification Policy Progressive Initiatives
View the Information Classification Implementation Checklist
Business Impact Levels (BIL) Tool
Show moreThe Business Impact Levels (BIL) Tool supports a consistent, risk-based approach to information classification by helping agencies to assess the potential impact of information compromise on individuals, organisations, the state or national interest.
The tool helps agencies understand how different types of information could affect service delivery, legal compliance, public trust and government operations, and use that understanding to inform proportionate classification and labelling decisions.
By providing a shared reference point for impact assessment, the tool supports defensible, transparent decision making and helps agencies balance access to information with appropriate protections when handling and sharing information.
Information Survey and Information Asset Register
Show moreTo support strong information governance, agencies need to understand what information they hold and manage risks, particularly for high-value or high-risk information. An information survey and information asset register (IAR) are practical tools that can help agencies identify and document information assets, clarify ownership and accountability and assess information value and risk in a consistent way.
An Information Survey and Information Asset Register guide and an IAR template are available as part of the PRIS Readiness Resources. These resources provide a practical approach and examples that can be adapted to individual agencies.
To access this resource, please contact your agency’s PRIS Champion or email data.sharing@dpc.wa.gov.au.
Configuration and use of Microsoft 365
Show moreThe Record Keeping Governance for Microsoft 365 provides records managers and ICT managers with an overview of governance factors to consider with the configuration and use of Microsoft 365 (M365) in their organisations.
It outlines key considerations and controls for managing information and records in the cloud-based environment, including management of risks associated with storage, access, retention and disposal. This guidance is issued by the State Records Office of WA.
Print this page
