IM/IT Standards Frequently Asked Questions

Last updated on December 21, 2023

Updated: May 19, 2023

***NOTE: Contact email changed to: CITZAS@gov.bc.ca

Standards & Policies

What is the difference between an IMIT Standard and Information Security Policy or Core Policy?

A policy is a statement of intent, whereas a standard is a convention or requirement. As an example, a policy may state that "you must encrypt sensitive traffic" and a corresponding standard may specify to use "128-bit SSL encryption".

Contact for questions related to Information Security Policy or IM/IT Standards.
Contact for questions relating to Chapter 12 of Core Policy.

What if I am unable to comply with a standard or policy?

In some cases, agencies are unable to comply with a standard or policy or require more time to come into compliance. In this instance, they must submit an Exemption Request.

Before submitting, please review the Exemption FAQs. Once you have reviewed the FAQs, you can submit your Exemption Request.

How are standards developed?

The Office of the Chief Information Officer (OCIO) is responsible for leading the development, maintenance and communication of government-wide IMIT architectures and standards. Details about this process can be found in the Standards Development Lifecycle document (currently being reviewed).

Where can I get previous versions of standards?

Current standards are online. However, over time, standards can become obsolete.
Contact us to request copies of previous versions.

Exemptions

What is the difference between exemptions to IMIT Standards and exemptions to Information Security Policy or Chapter 12 of Core Policy?

The submission process is the same for an exemption to a standard or a policy. OCIO staff work collaboratively to process every Exemption Request.

How do I know if I need an exemption?

To determine if you need an exemption you may refer to this guide. If you are still unsure, please contact us.

Once you have determined that a Request for Exemption is required, complete one or more of the following, as appropriate to your request:

An approved DBN from the initiating Ministry to their MCIO for approval of the exemption - REQUIRED
Statement of Acceptable Risk (SoAR) - REQUIRED
- Security Threat and Risk Assessment (STRA)
Approval from your: Ministry Information Security Officer (MISO) and Ministry Chief Information Officer (MCIO)
Privacy Impact Assessment (PIA)
Completed request form

Who can submit an exemption? What approvals do I need?

Only core government staff can submit an exemption; however, they can do it on behalf of contractors. You will need to include approval from your Ministry Information Security Officer and Ministry Chief Information Officer.

After submitting an exemption, how can I find the status?

After submitting your Exemption Request, you can log in to track it or you can contact us.

How long will it take to process my exemption?

Exemption Request processing times will vary depending on the complexity of the request. We are working on streamlining his process and will update this page during the process.

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics