C.3.5 - Information and technology management

IT management involves the coordination of IT resources and systems required to support or enable a citizen service. Impacts to information associated with the operation of IT systems generally need to be considered even when all mission-related information processed by the system is intended to be available to the general public. The relevant issues may be different for integrity and availability than for confidentiality. Information that has been made public, by definition, requires no confidentiality protection. In contrast, integrity and availability protection cannot be maintained for copies of information that have been distributed to the public. Integrity and availability assurance can only be maintained by maintaining copies of information in organization-controlled information systems.

Information types

Code Name Impact levels
Confidentiality Integrity Availability
C.3.5.2 Lifecycle / change management Low Moderate Low
C.3.5.1 System development Low Moderate Low
C.3.5.3 System maintenance Low Moderate Low
C.3.5.4 IT infrastructure maintenance Low Low Low
C.3.5.5 Information security Low Moderate Low
C.3.5.6 Record retention Low Low Low
C.3.5.7 Information management Low Moderate Low
C.3.5.8 System and network monitoring Moderate Moderate Low
C.3.5.9 Information sharing Null Null Null