Using the business impact levels tool
The business impact levels (BIL) tool provides parameters to assess potential damage from compromise of the confidentiality of information. The tool assists in the consistent classification of information and the assessment of impacts on government business.
This tool considers potential impact on the:
- individual
- organisation
- legal compliance
- compiled data
- government
- Australian economy
- infrastructure
- international relations
- crime prevention, defence or intelligence operations.
The BIL tool has been modified slightly for use in NSW (see below). When assessing information using the tool all sub impact categories need to be used to make the assessment, and then the security classification should be set at the lowest reasonable level.
The intent of the BIL tool is to provide a way of consistently assessing potential damage due to compromise of information, however the classifications also need to be practically applied. Limiting the dissemination of information due to security classification could also have a negative impact if the people who need to know are unable to view the information when they require it. A pragmatic and risk-based approach is recommended.
Assessing whether information is sensitive or security classified
Often it is the difference between assessing information as sensitive (requiring a DLM) or assessing the information as PROTECTED which causes the most concern for NSW agencies. Figure 3 describes a way to help determine if a document is sensitive or if a security classification is needed.
Figure 3: Assessing whether information is sensitive or security classified
Caveated information is described here.
Download the NSW Business Impact Levels Tool
Last updated 12 Jul 2024