Sensitive Information & Assets

Sensitive information and assets, whatever their form, must be appropriately protected from creation through to verified destruction. 

Last Updated 31 March 2021

Everyone has a responsibility to ensure that sensitive information and assets, whatever their form, are appropriately protected from the moment they are created until their verified destruction. Physical security measures form part of a holistic approach to protection that must also include personnel security and, where the assets are IT or held electronically, cyber security.

When considering protective security of sensitive items it is important to remember that this encompasses protection for information during transit and when it is held remotely, as well as when it is in a central facility. There is a close relationship with personnel security here to ensure that processes and procedures are in place, and that people have understood the requirements on them.

Once there is no longer a need for the information or asset it must be destroyed in accordance with requirements related to the sensitivity of the information / asset.

Threats to sensitive items can range from forcible attack to more sophisticated surreptitious methods and can occur at any stage of the information lifecycle. Threats may include:

  • Accidental loss
  • Emergency abandonment of an individual, vehicle or building
  • Espionage, either commercial or state sponsored
  • Hijack or vehicle theft either from site or during vehicle transportation
  • Inside attack, e.g. disgruntled employees or investigative journalists
  • Theft from site, vehicle, storage or destruction facility

When engaging providers of secure transportation and secure destruction services look for those whose processes and operations have been subject to independent review and accreditation. Self-certification or assurance that operations are in line with published standards does not provide an acceptable or verifiable level of assurance.

The National Cyber Security Centre (NCSC) provides guidance on both building security into devices and IT systems as well as a range of guidance relating to overwriting / sanitisation services and tools.

Guidance for those responsible for planning the movement of sensitive items on the need for protective security during transportation
Tamper indicating equipment can be used to provide physical evidence of unauthorised access to a secure area or object.
The destruction of sensitive items should be undertaken via a secure process. This section provides those responsible for information assurance...
A suite of documents intending to guide managers in the selection, procurement and management of appropriate body armour for their civilian security...
Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.