Skip to main content

Control measure
Secure access

Control measure knowledge

Security of information is a much wider subject than providing and using operational risk information. A range of legislation is relevant to gathering, disseminating, storing and protecting information. Fire and rescue services should ensure security policies, protocols, procedures and systems are in place for operational and other information.

Advice, guidance, policies and procedures will assist with information security, to reduce the vulnerability of the fire and rescue service to unauthorised access to hard copy and electronic data. There is also assistance concerning the protective marking of materials - national guidance has been published by the Cabinet Office and the following levels are identified in Her Majesty's Government (HMG's) Security Policy Framework:

  • Official - includes routine business operations and services, some of which could have damaging consequences if lost, stolen or published in the media
  • Secret - used where a compromise could seriously damage military capabilities, international relations or the investigation of serious organised crime
  • Top Secret - used where a compromise could cause widespread loss of life or else threaten the security or economic wellbeing of the country or friendly nations

The majority of information that is created or processed by the public sector will fall into the official level. There is no requirement to mark routine OFFICIAL information. The method used to assess these principles within information systems is based on the impact the loss of this information may have on an organisation.

For further information see Government Security Classifications.

Strategic actions

Fire and rescue services should:
  • Ensure arrangements made for the security of operational risk information are consistent with the Protective Marking Framework
  • Assess any site-specific risk information imported into a command and control system to identify its security (protective) marking - the information usually falls into groups or levels of importance depending on the level of risk identified
  • Consider the need for site-specific risk information to be security assessed to ensure it is suitable for use via mobile data terminals
  • Make suitable arrangements with site owners where copies of floor plans or other information is not available because of their security requirements. Agreements to provide the information required on arrival of the fire and rescue service at an incident may be appropriate. Operational crews responding to these sites should be made aware of these arrangements
  • Ensure that identified personnel that have the necessary security checks to enable them to access information with the appropriate levels of security classification
  • Ensure that they have a means of identifying service personnel and their credentials as and when required

Tactical actions

Incident commanders should:
  • Understand that they are personally responsible for the secure handling of information that has been entrusted to them
  • Be aware of the local organisational policy and processes regarding the security of information
  • Have a method of personal identification when responding to emergency incidents
All personnel should:
  • Comply with the local organisational policy and processes regarding the security of information