Skip to content

IMT Policy Instruments Portal search

Search the Information Management and Technology (IMT) Policy Instruments Portal to find Government of Alberta policy instruments.

Featured

  • Data technology center server racks in a dark room.
    Artificial Intelligence Usage Policy
    This policy enables and empowers Government of Alberta staff to use artificial intelligence​ in a transparent, responsible, secure, ethical and human-centered manner.

Filter

Use the search criteria or scroll down to see the full list.

163 results

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Service Alberta and Red Tape Reduction

  • Description: Establishes the legislative framework on access to information in the public sector. It provides for public accountability through a right of access to records under the control of public bodies.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Justice

  • Description: Provides rules on the admissibility of records in court proceedings.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Provides legal recognition of information and records in electronic form; allows for the provincial government and the private sector to conduct business; electronically based on consent of the parties; sets out conditions related to electronic signatures; permits electronic activities related to contracts.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Municipal Affairs

  • Description: Defines the responsibilities of departments in emergency situations; requires the protection of all assets and records maintained by respective ministries.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Executive Council

  • Description: Schedule 11, Section 14 of this Act identifies the government organizations that must comply with the records management program; provides for the enactment of regulations related to the program.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Health

  • Description: Governs the collection, use and disclosure of health information; how health information must be handled and protected; and the right of the public to access health records in the custody or under control of health care providers.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Arts, Culture and Status of Women

  • Description: Section 9H of this Act identifies the responsibilities of the Provincial Archives of Alberta (PAA) for acquiring and preserving government records; identifies the PAA as the official repository for government records of enduring value.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Treasury Board and Finance

  • Description: Governs the collection, compilation, analysis and publishing of statistics or other information relating to the commercial, industrial, financial, social, economic or other activities or conditions of Alberta.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Establishes the legislative framework on the protection of personal information in the public sector. It mandates how a public body is to collect, use and disclose an individual’s personal information.

  • Instrument type: Legislation

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Defines terms and outlines the membership and roles of the Alberta Records Management Committee (ARMC).

Access to information

Policy instrument name

  • Instrument type: Standard

  • Category: Access to information

  • Security classification: Public

  • Owner: Service Alberta and Red Tape Reduction

  • Last reviewed date: 2025-06-11

  • Description: Consistent practices related to the electronic release of response packages requested under the Access to Information Act (ATIA) support the modernization of access to information services and increase efficiencies.

  • Instrument type: Standard

  • Category: Access to information

  • Security classification: Public

  • Owner: Service Alberta and Red Tape Reduction

  • Last reviewed date: 2025-06-11

  • Description: Ensuring that fees charged for services under the Access to Information Act (ATIA) are consistent, fair, and compliant with the ATIA supports transparent and effective provision of access to information services.

  • Instrument type: Directive

  • Category: Access to information

  • Security classification: Public

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2023-05-30

  • Description: ​​​​​​​Describes the roles and responsibilities of Deputy Ministers, Deputy Heads, Delegated Decision Makers, Assistant Deputy Ministers, FOIP Operations, and Department Communications Directors in the decision-making process for responding to access to information requests under the FOIP Act, as well as outlines specific examples when each of the above groups need to be consulted and/or advice should be sought.​

Application support

Policy instrument name

  • Instrument type: Directive

  • Category: Application support

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2022-05-02

  • Description: This directive details the obligations for all GoA staff when seeking enhancements to legacy systems.​

  • Instrument type: Standard

  • Category: Application support

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2024-11-22

  • Description: This standard establishes an organizational approach for the management and delivery of Managed Technical Services (MTS). This approach ensures that these technical services ​​​​​adhere to industry best practices; are actively managed; are sustained on an ongoing basis; are consistently implemented; and limit the exposure of the Government of Alberta’s (GoA) information management and technology (IMT) infrastructure and information assets to vulnerabilities​.

  • Instrument type: Directive

  • Category: Application support

  • Security classification: Public

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2025-08-01

  • Description: ​​This directive defines the obligations for all Government of Alberta staff with regards to the management of software assets.​​​​

Content management

Policy instrument name

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Used for records relating to financial activities in the Alberta Government ministries and agencies that currently use ARDA to disposition financial records​.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2025-08-26

  • Description: Microsoft Forms is a versatile application within the Microsoft 365 suite available to all Government of Alberta (GoA) staff that enables business areas to create, distribute, and analyze surveys and other information-gathering forms efficiently to facilitate data collection and support decision-making. This guideline is intended to educate GoA staff on the acceptable use of Microsoft Forms by providing considerations and acceptable use cases for using the technology.

  • Instrument type: Policy

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2021-06-08

  • Description: The Action Request Tracking System (ARTS) Usage Policy establishes mandatory requirements for ARTS across the Government of Alberta (GoA). This policy ensures standardized usage and outlines roles and responsibilities for ARTS and its content.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Used for responses to action requests received from Ministers' Offices.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: May be used as a records retention and disposition schedule for common administrative records in Alberta Government ministries and agencies.

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-09-16

  • Description: ​​​​​​This directive applies when Government of Alberta (GoA) records are alienated to a third-party entity due to the GoA transferring accountability and responsibility for programs or services to that entity.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2024-04-01

  • Description: ​​Guidance for applying electronic signatures within the Government of Alberta. ​

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Provides a legal disposition authority to dispose of the records associated with the backup process, and the content of the backups; provides a common approach to backups for all ministries, agencies, boards and commissions of the Government of Alberta.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-06-01

  • Description: ​​​This checklist clarifies the process for the identification and cancellation of duplicate records retention and disposition schedules (“schedules”) and/or items within a schedule (“schedule items”). The checklist supports implementation of the Duplicate Records Retention and Disposition Schedules Directive. ​​

  • Instrument type: Policy

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2022-03-24

  • Description: ​​​​​​​​​​​​​​​​​​​​​This policy states the requirements to which departments will adhere when managing content.​​ Content encompasses all records, data and/or information, regardless of format, state and/or classification.​​​​​​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-06-01

  • Description: ​​​​​​​​​​​​​​​This guideline outlines recommendations for the assessment of content management requirements and documentation of potential content management risks by information controllers and custodians in the Government of Alberta (GoA).

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-04-01

  • Description: The purpose of the Core Content Standard Metadata Application Profile (CORMAP) is to provide business rules and guidance on the use and application of the 15 descriptive metadata elements described in the Metadata Core Content Standard. These metadata elements are primarily based on internationally recognized Dublin Core metadata elements.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Used for records that have been damaged (for example: harmed, contaminated or spoiled) during a disaster.

  • Instrument type: Framework

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2018-03-01

  • Description: ​Describes a disciplined, consistent approach to managing information assets and creating information management policy instruments.

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-12-02

  • Description: ​​​​​​​​​​​​​​This standard describes four levels of security classifications that Ministries must apply to data and information. Appropriately classifying data and information is the first step in ensuring the confidentiality, integrity, trustworthiness, availability, and protection of privacy of data and information. This standard aligns with the Government of Canada's information security classification scheme, and enables better data and information sharing practices across jurisdictions.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-12-01

  • Description: ​​​​​​​​​This guide outlines the standardized approach for the application of security classification to data and information in the custody and/or under the control of the Government of Alberta (GoA). The approach detailed in this guide supports implementation of the Data and Information Security Classification Standard and aligns with the data and information security classification levels established by the Government of Canada.    ​

  • Instrument type: Framework

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2025-07-01

  • Description: ​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​The Government of Alberta (GoA) is accountable for and committed to the ethical creation, collection, management (including access, disclosure, disposition) and use of data. This framework provides high-level strategic direction to maintain consistent and effective data ethics across the GoA in the rapidly evolving digital world. The Data Ethics Framework (DEF) demonstrates the GoA's commitment to data ethics by specifying principles that will inform the development of new and/or revision of existing policy instruments and by highlighting data ethics-related commitments the GoA ​will implement in support of the framework principles.​​

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-11-01

  • Description: This standard establishes common format for data on how it is structured for sharing. This is required to ensure the clarity and the accuracy of data exchanged between Government of Alberta (GoA) applications. The standard enables consistent interpretation of data across different entities, minimizing the risk of misinterpretation or information loss.​​​​

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2022-04-26

  • Description: ​This directive outlines some of the key roles required to manage data in the custody and/or under the control of the Government of Alberta departments as an enterprise resource; and how the key data management roles and layers interact with one another.​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-02-08

  • Description: ​​​​​Guidance to assist Ministers’ Office staff with understanding their obligations in the management of transitory records and the specific circumstances that would allow for the use of desktop shredders in ministers’ offices.​

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-07-31

  • Description: ​This standard establishes that the Government of Alberta adopts ISO 13008:2022 (E): Information and documentation – Digital records conversion and migration process which outlines requirements that must be met when converting digital records from one format to another, and when migrating digital records from one hardware or software configuration to another.​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-07-01

  • Description: ​​​​​​This guideline outlines the standardized process for the digitization of content in the custody and/or under the control of the Government of Alberta. The process detailed in this guide supports implementation of the Digitization Standard, and aligns with the Canadian General Standards Board (CGSB) 72.34-2017, Electronic records as documentary evidence standard established by the Government of Canada.​​​

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-07-01

  • Description: This standard establishes the process that departments must implement when the goal of a digitization initiative is to create official digital records. The verified digital format must inherit and preserve the authoritative characteristics: authenticity, integrity, reliability, and useability of the official physical source records to be demonstrable, accessible, and admissible.

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-06-01

  • Description: ​​​​​​​​​​This directive clarifies operational roles and responsibilities for the identification and cancellation of duplicate records retention and disposition schedules (“schedules”) and/or items within a schedule (“schedule items”).​​​​​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-08-01

  • Description: ​​​​​​​Naming conventions are rules applied to electronic documents, folders, and other files (e.g., graphic files, spreadsheets, workflow diagrams, etc.). Naming electronic files consistently, logically, and in a predictable way distinguishes them from one another at a glance and facilitates reliable storage and retrieval.

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2017-02-01

  • Description: ​​​​​​​​​​​​​​This standard describes the electronic signature process requirements, the specifications and the metadata requirements that ministries must implement to support the creation of authentic, reliable and trustworthy electronic records that have an electronic signature attachment or association.

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2024-04-01

  • Description: This standard ​identifies the different types of electronic signatures used in, or received by, the Government of Alberta (GoA), and directly supports the GoA’s implementation of electronic signatures.​​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2022-11-28

  • Description: ​​​​​This guideline describes the process that business areas must follow in order to use an approved electronic signature solution. This guideline is intended to help: identify risks and/or prohibitions associated with meeting legal and evidentiary requirements; mitigate potential risks; andensure the appropriate implementation and use of an approved electronic signature solution.​​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-01-31

  • Description: This guide is intended to help public servants distinguish between emails that are official records and those that are transitory.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Used for records relating to executive actions made in support of legislated mandates and corporate governance.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Service Alberta and Red Tape Reduction

  • Description: Used for managing light-duty vehicle leases and purchases of all departments, provincial agencies and fund administrators.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Used for records relating to human resource activities in the Alberta Government ministries and agencies that currently use ARDA to disposition human resource records.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-10-15

  • Description: ​​​​​​​​​​​​The intent of this guideline is to educate and empower Government of Alberta (GoA) staff to appropriately identify official and transitory records.

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2021-11-30

  • Description: ​​​This directive defines the roles and responsibilities of information controllers and information custodians in the Government of Alberta.​​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2021-11-30

  • Description: ​​​​This guideline outlines recommendations for the assignment and documentation of information controllers and information custodians in the Government of Alberta. This guideline supports the implementation of the requirements detailed in the Information Controller and Information Custodian Directive.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-08-27

  • Description: ​This document helps Government of Alberta staff meet requirements by detailing decommissioning scenarios and consultation contacts.

  • Instrument type: Procedure

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-01-24

  • Description: This playbook outlines key information management tasks, system updates, and communication approaches to ensure effective organizational change.

  • Instrument type: Strategy

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2014-01-14

  • Description: ​Articulates a clear vision for information management, including key business drivers, specific goals, strategies and projects.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Justice

  • Description: Used for records relating to Legal Services Division's legal and strategic activities across the Government of Alberta.

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-03-07

  • Description: This directive details the content management obligations for all Government of Alberta staff (which includes, but is not limited to, contractors, volunteers, appointees, interns, and students working with a public body) when responding to litigation holds and engaging in information discovery activities.​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-06-01

  • Description: ​​​​​​​​​​​​​This guideline details the steps required for Government of Alberta (GoA) employees to identify, preserve, collect, process, and produce records responsive to active (or reasonably anticipated) litigation (e.g., a legal proceeding, investigation, audit, formal inquiry, and/or request for information). A coordinated information discovery process will ensure a repeatable and defensible process for litigation response activities across government.​​

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-08-01

  • Description: ​​​​​​​​​​​This directive details the information management obligations for all Government of Alberta staff (which includes, but is not limited to, contractors, volunteers, appointees, interns, and students working with a public body) when handling instant and/or text messages.​​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-10-09

  • Description: This information is to assist staff in Deputy Minister and Assistant Deputy Minister offices in the execution of their duties and responsibilities for managing information in their offices (executive offices).

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-08-01

  • Description: This directive outlines obligations for managing lost and compromised content in terms of notifying, assessing/investigating, and documenting; and reporting an incident to the appropriate business area and/or committee.

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-08-01

  • Description: ​​This standard establishes requirements for managing Outlook, OneDrive, and Desktop content when an employee transfers between areas or exits the Government of Alberta.​​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2018-12-01

  • Description: ​​​This guideline offers specific guidance for managing the information produced and used in ministers’ and deputy ministers’ offices.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-02-23

  • Description: ​​​This guideline outlines best practices for the management of information related to voicemail received on any Government of ​​​​Alberta (GoA) phone (VOIP, landline, softphone, or mobile). 

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-04-01

  • Description: ​​​This standard describes the foundational set of metadata elements to be applied to all electronic data/information resources within the Government of Alberta (GoA).  These descriptive metadata elements provide context and meaning to assist with use and interpretation while supporting interoperability and extensibility across all business areas and disciplines.  This standard is not intended for the application of technical metadata elements.

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-10-01

  • Description: This standard applies to all geospatial data within the Government of Alberta (GoA). The purpose of this standard is to provide clarification and consistency in requirements around the creation and development of geospatial metadata.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Used for ministry and cabinet records that are generated or received by ministers in their capacity as ministers of the crown​.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-10-15

  • Description: ​​​​​An aid for Government of Alberta employees to determine if a record is official or transitory.​​​​​​​

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-10-15

  • Description: ​​​​​​​​​​​​​​​​This directive defines transitory and official records for the purposes of the Government of Alberta's records management program and reinforces established IM requirements. ​​

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-10-01

  • Description: The purpose of this standard is to establish criteria for publishing data in the custody and/or control of the Government of Alberta (GoA) for public use, adaptation, and distribution under the Open Government Licence and to set the criteria that will be measured to determine the success of the program.

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-11-01

  • Description: ​​This standard applies to all content in the Open Government Portal and the descriptive metadata that is created and maintained about the content.​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-11-01

  • Description: ​This guideline supports the Open Government Metadata Application Profile (OGMAP) by providing enhanced descriptions of the metadata elements provided in OGMAP for use in the Open Government Portal.​

  • Instrument type: Policy

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2013-12-03

  • Description: ​​​The Open Information and Open Data Policy provides a framework to establish the operational responsibilities, organization, processes, tools and other resources required for a single approach to the open data and open information programs. The policy also provides foundational assurance and guidance to staff from across the Government of Alberta with respect to identifying, preparing, and publishing data and information through the open data and open information portals on a routine basis going forward.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-07-01

  • Description: ​​​​​​​​This guideline outlines activities and accountabilities staff and/or business areas are to undertake when orphaned Government of Alberta ​records are discovered. Incidences of truly orphaned records are rare. However, when these records are discovered, it is essential to determine the appropriate information controller and business areas that should have custody and control of these records to continue the information management (IM) lifecycle.​​

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-02-28

  • Description: ​​This standard provides the foundation for establishing a records management program in the Government of Alberta (GoA). This standard will help to ensure the integrity of the records management program, the authenticity and reliability of records, that appropriate attention and protection is given to all records, and that evidence and information contained within those records can be retrieved efficiently and effectively.​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-10-15

  • Description: ​Frequently asked questions about records and retention schedules for Government of Alberta and ​public agency staff.​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-10-15

  • Description: ​​The intent of this guideline is to  educate and empower government staff to properly handle and dispose of transitory records, and communicate the requirements and procedures that government staff must follow for the retention and disposition ofofficial records.​

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-08-01

  • Description: ​​​​Alberta Public Service (APS) employees have a responsibility to take reasonable steps to safeguard government information, regardless of whether they are the creator or recipient of the information. This guide has been created to assist APS employees in securing their workplace and the information they create and manage on behalf of the people of Alberta.

  • Instrument type: Guideline

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2024-07-01

  • Description: ​​​​​​​​​Provides guidance for capturing and exporting information from Microsoft Teams in alignment with the Management of Instant and Text Messages Directive.

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation

  • Description: Transitory records containing sensitive or confidential information must be securely destroyed or deleted.

  • Instrument type: Directive

  • Category: Content management

  • Security classification: Protected A

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-02-10

  • Description: This directive details the obligations for all Government of Alberta (GoA) staff (which includes, but is not limited to, contractors, volunteers, appointees, interns and students working with a public body) when using video recording, streaming and/or sharing services (“video services").

  • Instrument type: Schedule

  • Category: Content management

  • Security classification: Public

  • Owner: Public Service Commission

  • Description: Used ​for records relating to employees' vaccinations and exemptions from being vaccinated​.

  • Instrument type: Standard

  • Category: Content management

  • Security classification: Public

  • Owner: Technology and Innovation - Data and Content Management

  • Last reviewed date: 2025-02-28

  • Description: ​Work process analysis is the required foundation for establishing and maintaining consistent information management and is necessary to determine requirements for records creation, capture and control across all Government of Alberta departments. Work process analysis is a research methodology that analyzes the context of an organization's business activities (e.g., legislative mandates), what business activities an organization conducts, what records are created by an organization's business activities, and how records created by an organization's business activities relate to the business activities that created them.​​

Cybersecurity

Policy instrument name

  • Instrument type: Directive

  • Category: Cybersecurity

  • Security classification: Public

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-03-04

  • Description: ​​​​​​​​This directive outlines the acceptable use of IMT assets, allowable personal use and compliance consequences of improper use. The Government of Alberta (GoA) owns the data and information that it collects, processes, stores, transmits, and receives. The GoA provides employees with business tools, applications and services that assist in meeting GoA business requirements for sharing information and data, enabling collaboration between departments and the public. GoA employees are provided with the access required to perform tasks on behalf of Albertans and are, therefore, responsible for managing the information and data on behalf of the GoA.​​

  • Instrument type: Directive

  • Category: Cybersecurity

  • Security classification: Public

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2023-10-13

  • Description: ​​​​​​​​​​​​​​​​​​Details the obligations for, and requirements of, all Government of Alberta (GoA) staff when using third-party Natural Language Generators (NLGs).​​​​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-04-10

  • Description: This standard outlines the access and use of Government of Alberta (GoA) IT resources from non-GoA-managed devices or hardware and for equipment that is not supported by GoA service teams.​

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-02-11

  • Description: The Application Access Control Policy describes the Government of Alberta’s Policy for the administration of user access to applications and systems and to ensure protection from unauthorized access and use.​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2023-10-17

  • Description: The GoA has adopted the recently developed Security.txt vulnerability reporting standard that is rapidly being adopted by organizations worldwide. The standard describes GoA’s guidelines for vulnerability reporting to the GoA by Third-Parties.​​​

  • Instrument type: Policy

  • Category: Cybersecurity

  • Security classification: Public

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-05-01

  • Description: This policy enables and empowers Government of Alberta staff to use artificial intelligence​ in a transparent, responsible, secure, ethical and human-centered manner.

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-12-04

  • Description: This document establishes the control objectives for the GoA Information Technology (IT) Change Management Control (Change Management).​​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-03-11

  • Description: ​​​This standard identifies cryptographic algorithms approved by the Cybersecurity Division for use on Government of Alberta (GoA) digital systems, servers, services, and networks. The cryptographic algorithms considered acceptable for use in the GoA are based on those identified by the Communications Security Establishment Canada (CSEC). These algorithms are used to protect GoA information at rest, and in transit.​

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-06-07

  • Description: The Cyber Threat Intelligence Control Policy ensures that all operational, strategic, and tactical cybersecurity activities are informed, and in-part driven by observed and documented adversary behaviour. This ensures that security decisions affecting Information Management and Technology (IMT) assets are grounded in observation and less prone to subjective judgement. This control policy establishes cyber threat intelligence practices for the collection, assessment, dissemination, and actioning of threat intelligence across the Cybersecurity Division (CSD).

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-03-11

  • Description: The purpose of this policy instrument is to ensure that all GoA personnel are aware of the GoA Information Security Management Directives (ISMD) and understand their responsibility to protect GoA information and data assets. All GoA personnel are therefore required to complete mandatory Cybersecurity Awareness training.​

  • Instrument type: Control Framework

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-10-20

  • Description: The Cybersecurity Control Framework is designed to integrate risk and security management into Information Technology (IT) operations. IT must take a risk-based approach to operational activities, initiatives, projects, and services. Information and data that is not secured is subject to increasing levels of risk that can exceed the risk appetite and capacity of the GoA.​​​​

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-08-06

  • Description: Defines the Government of Alberta’s (GoA) requirements for detecting and responding to cybersecurity incidents and events. This includes preparation, identification, containment, eradication, recovery and incident follow-up​.​​

  • Instrument type: Form

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2022-11-16

  • Description: The Cybersecurity Intake Sound Check is a prerequisite for IMT projects. Before project initiation, as part of investment and portfolio management, program areas complete this questionnaire to define the cybersecurity requirements associated with their projects. These requirements include the need to classify information assets, determine the size of the project, identify proposed technology platforms and facing (internal or external), and provide or perform a Security Threat Risk Assessment (STRA).​

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-08-14

  • Description: The Cybersecurity Management Control Policy defines the Cybersecurity Division’s information security management control objectives, aligns with the Information Security Management Directives (ISMD), and establishes a risk-based approach for cybersecurity operations. The Cybersecurity Division implements security controls and countermeasures that reduce the risk of a breach of confidentiality, protect data integrity, and ensure the resiliency of digital services.​​

  • Instrument type: Policy

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-09-19

  • Description: This Cybersecurity Policy expresses the GoA’s commitment to managing cybersecurity risks effectively and efficiently. It establishes the foundation for all cybersecurity activities and focuses on the authority to develop and manage cybersecurity policy instruments and controls for the GoA.​​

  • Instrument type: Framework

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-11-27

  • Description: The Cybersecurity Risk Management Framework (CRMF) outlined in this document is designed to establish a robust, sustainable cybersecurity framework that reduces risks, strengthens the security posture of the Government of Alberta (GoA) and aligns with the Information Security Management Directives (ISMD).​​​

  • Instrument type: Guideline

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-08-14

  • Description: This process guide is intended for use by Cybersecurity Services Division, business areas and other security practitioners to help understand Department IT security risks, prepare and conduct Security Threats and Risks Assessments (STRAs) if need be, in a timely manner as new projects are initiated.  This process guide is intended to provide a context for assessing and managing IT risks and reporting high exposure risks to management and risk owners.​​​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-02-11

  • Description: The Data and Information Security in the Cloud standard defines the security controls that are required to secure Government of Alberta (GoA) data and information assets that are managed, accessed, and stored in the Cloud.​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2023-12-01

  • Description: The Data and Information Security on Premise standard defines the security measures and controls required to secure Government of Alberta (GoA) data and information assets processed, stored, or in transit across GoA internal networks (Intranet).​​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-06-10

  • Description: This standard outlines the minimum requirements for a server or service to be classified as hardened in the Government of Alberta (GoA).​​This standard replaces the Server Hardening Standard.

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-08-15

  • Description: This standard defines Government of Alberta (GoA) requirements for the secure and consistent configuration, development, deployment, and maintenance of GoA information management and technology (IMT) solutions, information, and data. This standard replaces the Application Security Standard.​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-09-05

  • Description: The Digital User Credentials Standard establishes the Government of Alberta (GoA) password credentials requirements for various account scenarios. Passwords (or pass phrases) are an important aspect of computer security. A user’s credentials are the first line of defense in the protection of user accounts. A poorly chosen password may result in a compromise of GoA network. As such, all GoA employees (including contractors and vendors with access to GoA systems, are responsible for taking the appropriate steps to select and secure their password.​ As such, all GoA employees (including contractors and vendors with access to GoA systems, are responsible for taking the appropriate steps to select and secure their password.

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-08-06

  • Description: Defines requirements for responding to disasters that could adversely impact Government of Alberta (GoA) Information Technology (IT) and business operations. This control policy ensures plans and processes are in place for the GoA to adequately respond to human induced or natural disasters. These disasters could negatively impact core IT services and critical business application availability over an ext​​​​​​​​​​​​​​​​​​​​​​​​​​​​​ended period of time (24 hours or greater).​​​​​​​​​​​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-09-19

  • Description: ​The Encrypted Traffic Inspection Standard specifies the approach and controls governing the interception, decryption, and inspection of traffic entering or exiting Government of Alberta (GoA) Information Technology (IT) environments. Traffic inspection provides additional detection and prevention capabilities against malicious activities and malware targeting GoA information and data assets.

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-03-10

  • Description: This standard provides guidance on encryption services required for Government of Alberta (GoA) end-user computing devices.

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-02-01

  • Description: This standard seeks to limit external (internet) access to non-production Information Management and Technology (IMT) systems to limit the potential of vulnerability exposure for Government of Alberta (GoA) applications where full security testing has not yet been completed.

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected B

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-08-22

  • Description: This standard defines the Government of Alberta (GoA) naming standards for GoA Accounts used within Active Directory Services (ADS). This standard replaces the Naming Standard - GoA Network Accounts. ​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-09-28

  • Description: ​​​This standard defines the Government of Alberta (GoA) requirements for implementing anti-malware systems used to detect and block malicious software, such as computer viruses, worms, spyware, and ransomware. Early detection of malware helps to reduce and manage potential risks to the GoA computing environment. ​​

  • Instrument type: Directive

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-09-12

  • Description: This directive establishes minimum cybersecurity requirements to control who and what can access GoA systems and data. It ensures that the right individuals gain access to the right materials and records at the right time, as well as making it safe, secure, and simple to change access rights, group memberships, and other key attributes as users and systems, change, are added, or removed​.​​​​​​​

  • Instrument type: Procedure

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-07-22

  • Description: This Standard Operating Procedure (SOP) provides the processes and instructions for managing information security Incidents and lessons learned in the Government of Alberta (GoA). It outlines the different types of security incidents that can occur and the detailed workflow processes that the GoA should follow when responding to a security incident.​​

  • Instrument type: Directive

  • Category: Cybersecurity

  • Security classification: Public

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-11-21

  • Description: ​​​​​​​The Information Security Management Directives establish corporate security requirements for Information Management and Technology (IMT) systems, and organizational roles and responsibilities for information security management within the Government of Alberta (GoA) and its departments. The directive statements identify the controls necessary to implement foundational IMT security within the Government of Alberta. GoA security standards and other policy instruments provide further information regarding the details surrounding the implementation of these directives.​

  • Instrument type: Framework

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-07-08

  • Description: The IT Disaster Recovery Framework integrates Policy, Standards, Risk and Procedures into a single structure and provides the building blocks for the Government of Alberta (GoA) Information Technology (IT) Disaster Recovery program and operations. The framework provides the structure for achieving ISMD compliance in a logical manner and documents appropriate levels of governance for all control activities. It is part of the GoA Cybersecurity Controls Framework.​​​​

  • Instrument type: Guideline

  • Category: Cybersecurity

  • Security classification: Public

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-05-12

  • Description: ​​​​The IT disaster recovery playbook is a subset of the organization’s business continuity plan (BCP) which encompasses IT and non-IT aspects of business resumption such as facilities, personnel, and communications. The IT disaster recovery playbook outlines a series of procedures and protocols designed to help organizations effectively respond to different types of IT disasters and coordinate the resumption of IT services.​​​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-02-11

  • Description: This standard describes security, event, and error logging requirements for Government of Alberta (GoA) servers, networks, and applications. Error and event logging assists GoA technical teams in detecting error and event trends that could lead to system failures. Events and events of interest are also used for correlation across networks and systems when a system fails, or a security incident occurs.

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-02-10

  • Description: The Patch and Version Management Standard establishes the cybersecurity requirements for managing and patching all Government of Alberta (GoA) managed devices and systems with appropriate security updates.

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-03-04

  • Description: Defines the control objectives for identification, assessment, and management of cybersecurity risks (cyber risk) within the GoA. Cyber risk is managed through risk assessment, threat identification, vulnerability assessment, and documented processes for reporting and treating risk.

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-01-29

  • Description: The Secrets Management Standard establishes cybersecurity requirements for managing secrets across all solutions managed or operated by the Government of Alberta.​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Public

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-08-28

  • Description: ​The Secure Digital Media Sanitization standard defines secure methods for sanitization (erasure) of electronic media including but not limited to magnetic, optical, and flash media, within the Government of Alberta.​

  • Instrument type: Procedure

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-10-31

  • Description: Process for tracking and managing the STRA lifecycle. Security Threat and Risks Assessments (STRA) must be conducted for all new IT systems and for substantial updates to existing systems.​

  • Instrument type: Form

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2023-04-26

  • Description: Security Threat and Risks Assessments (STRA) must be conducted for all new IT systems and for substantial updates to existing systems.​​​​

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-01-24

  • Description: The purpose of this control is to establish risk and security management practices for the procurement, configuration, and development of Information Management Technology solutions in the Government of Alberta (GoA). The control objectives established in this policy apply whether the solution is developed in house, purchased as Commercial off the Shelf (COTS), open source, or a cloud-based solution (e.g., Software as a Solution (SaaS) or Platform as a Service (PaaS)). All solution delivery, including acquisition and development, regardless of type, must include risk and security management practices in all phases.​

  • Instrument type: Guideline

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-02-12

  • Description: This standard establishes a comprehensive and integrated approach to conducting solution threat modelling within the Government of Alberta (GoA). Solution threat modelling enables Information Controllers, Information Custodians and solution delivery and acquisition teams to proactively identity threats and risks to GoA systems and data on an ongoing basis; proactively revise solution requirements, architectures, and designs for the identified threats and risks; and improve their ability to manage their remaining solution risks and their associated costs by integrating their threat model into GoA’s Security Threat and Risk Assessment (STRA) process.

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-02-12

  • Description: ​This standard establishes a comprehensive and integrated approach to conducting solution threat modelling within the Government of Alberta (GoA).

  • Instrument type: Procedure

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-10-31

  • Description: The Statement of Acceptable Risk (SoAR) is a vehicle for the information Controller to document risks along with existing and proposed mitigations. The SoAR is also used to identify risks relating to IMT Policy Instruments, exceptions and/or deviations (e.g. temporary patching exemption, modification of security control). SoAR are facilitated and collected by Cybersecurity Services.​​​

  • Instrument type: Form

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2021-10-01

  • Description: The Statement of Acceptable Risk (SoAR) is a vehicle for the information Controller to document risks along with existing and proposed mitigations. The SoAR is also used to identify risks relating to IMT Policy Instruments, exceptions and/or deviations (e.g. temporary patching exemption, modification of security control). SoAR are facilitated and collected by Cybersecurity Services.​​​

  • Instrument type: Standard

  • Category: Cybersecurity

  • Security classification: Protected B

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2025-08-22

  • Description: This standard defines the requirements for managing system administrative accounts, including oversight, monitoring, and audit controls to manage potential security and business risks associated with unauthorized access or misuse of these accounts. This standard supports Information Security Management Directives (ISMD) Sections 2.1.2 and 2.1.16 (Protect).​​

  • Instrument type: Guideline

  • Category: Cybersecurity

  • Security classification: Public

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2023-10-13

  • Description: ​​​​​​​​​​​​​​This guideline is intended to educate Government of Alberta (GoA) staff on the acceptable use of third-party Natural Language Generator (NLG) applications by providing acceptable use cases for the technology.​

  • Instrument type: Control

  • Category: Cybersecurity

  • Security classification: Protected A

  • Owner: Technology and Innovation - Cybersecurity

  • Last reviewed date: 2024-12-04

  • Description: Establishes the control objectives for the vulnerability management program. It mandates ongoing scanning, investigation, analysis, and reporting of the risk associated with vulnerabilities and ensures that these weaknesses are prioritized for remediation based on the risk to Government of Alberta (GoA) systems and data.​​​

Governance

Policy instrument name

  • Instrument type: Policy

  • Category: Governance

  • Security classification: Public

  • Owner: Communication and Public Engagement

  • Last reviewed date: 2018-09-18

  • Description: ​​​​The Government of Alberta is committed to making it easy for Albertans to understand and use government information in all forms and formats. The intent of this policy is to ensure that government communications are coordinated and effective and give Albertans the information they need. Communicating with Albertans is a key function of government, involving officials and employees at all levels. This policy guides all ministries and all government employees.

  • Instrument type: Policy

  • Category: Governance

  • Security classification: Public

  • Owner: Communication and Public Engagement

  • Last reviewed date: 2018-12-20

  • Description: ​​​Provides the rules governing Government of Alberta staff for the creation, maintenance, review and decommissioning of public-facing web properties.

  • Instrument type: Policy

  • Category: Governance

  • Security classification: Protected A

  • Owner: Technology and Innovation

  • Last reviewed date: 2011-03-30

  • Description: A document that outlines the GoA IMT prioritization and investment principles.

  • Instrument type: Strategy

  • Category: Governance

  • Security classification: Protected A

  • Owner: Technology and Innovation

  • Last reviewed date: 2011-03-21

  • Description: This document outlines the requirements to developing and establishing a single-enterprise approach to IMT. These requirements include co-ordinated planning, integration of IMT infrastructure planning into the capital planning process, sound governance and improved project-execution skills. The strategies in this document will enable the new IMT model to transform how information technology across government is planned, operated and managed.

Hardware

Policy instrument name

  • Instrument type: Directive

  • Category: Hardware

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2024-12-05

  • Description: The purpose of this directive is to ensure that the EUC service operates in a cost-effective manner and within its assigned budget. The principle of “one user, one device” is key to achieving this goal, as computing devices are leased from a vendor. The return of devices that are not currently in use is key to avoiding unnecessary costs.

Mobile devices

Policy instrument name

  • Instrument type: Procedure

  • Category: Mobile devices

  • Security classification: Public

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2020-07-07

  • Description: ​This procedure will guide ministry Senior Financial Officers, ministry expenditure officers, and Government of Alberta (GoA)-assigned mobile device end-users in the fair and consistent repayment of excessive bills.

  • Instrument type: Policy

  • Category: Mobile devices

  • Security classification: Public

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2020-07-07

  • Description: ​This policy provides government-wide guidance o both expenditure officers and end-users on the proper procurement, use and disposal of Government of Alberta (GoA)-assigned mobile devices.

Network infrastructure

Policy instrument name

  • Instrument type: Standard

  • Category: Network infrastructure

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2027-09-30

  • Description: This standard provides a consistent approach for the application of descriptive tags and labels to all resources provisioned within Azure (Microsoft Azure), AWS (Amazon Web Services) and GCP (Google Cloud Platform) under the control of the Government of Alberta (GoA).

  • Instrument type: Policy

  • Category: Network infrastructure

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2022-09-20

  • Description: The purpose of the GoA Cloud Services Policy is to provide clear direction and establish the principles and guidelines to enable adoption of Cloud services. Adoption of Cloud Services is important for the GoA to transition to a Digital Government and transform service delivery.

  • Instrument type: Strategy

  • Category: Network infrastructure

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2020-10-01

  • Description: ​​​​​​The Government of Alberta Cloud Strategy documents the learnings and recommendations on the approach to leverage cloud services while minimizing risks to services delivered to Albertans.

  • Instrument type: Framework

  • Category: Network infrastructure

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2020-10-05

  • Description: ​​Communicates the design rationale, specification and operating standards for the shared environment.​​

  • Instrument type: Standard

  • Category: Network infrastructure

  • Security classification: Public

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2019-06-15

  • Description: ​​​​​​​The standard below identifies the active code for the Government of Alberta Sectors, Departments, and Advisory Boards Committees or Councils.  The departments, agencies, offices, boards and legislative officers are defined under the Government Organization Act, the Freedom of Information and Protection of Privacy Act or the Legislative Assembly of Alberta.

  • Instrument type: Standard

  • Category: Network infrastructure

  • Security classification: Protected B

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2024-12-16

  • Description: his standard outlines Government of Alberta (GoA) naming requirements for email, device names, messaging names, and object names in the GoA Enterprise information technology (IT) environment.

Privacy

Policy instrument name

  • Instrument type: Standard

  • Category: Privacy

  • Security classification: Public

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2025-06-11

  • Description: The Protection of Privacy Act (POPA) specifies the manner in which public bodies may collect personal information from individuals. The term “public bodies” includes all Government of Alberta departments and designated agencies, boards, and commissions (ABCs).

  • Instrument type: Guideline

  • Category: Privacy

  • Security classification: Public

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2023-12-07

  • Description: ​​​​​​The Freedom of Information and Protection of Privacy Act (the FOIP Act) requires all public bodies to make a directory that lists the public body’s personal information banks (PIBs) available to the public for inspection and copying. The purpose of making this information available is to help the public know what personal information the public body might have about them as individuals. The purpose of this guide is to assist the public bodies with identifying PIBs and developing the list of PIBs in the custody or under the control of the public body.​

  • Instrument type: Procedure

  • Category: Privacy

  • Security classification: Protected A

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2023-09-01

  • Description: This privacy breach procedure serves to strengthen the GoA’s commitment to the protection of personal information by having a standard procedure on managing privacy breaches.​​

  • Instrument type: Framework

  • Category: Privacy

  • Security classification: Public

  • Owner: Technology and Innovation - Innovation, Privacy and Policy

  • Last reviewed date: 2025-06-01

  • Description: ​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​The Privacy Management Framework (PMF) provides high-level strategic direction to maintain consistent and effective privacy management across the GoA in today's rapidly evolving digital world. The PMF demonstrates the government's commitment to the protection of personal information by:defining "privacy by design"; specifying Framework Principles that will inform the development and revision of new and/or existing policy instruments; highlighting privacy-related commitments the GoA ​will be implementing in support of the Framework Principles; and providing an overview of the roles, policy instruments and processes that support and articulate the Framework Principles.​​

Software and systems development

Policy instrument name

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2024-11-22

  • Description: This standard establishes an organizational approach for application development to ensure ​consistent implementation of and adherence to industry best practices; simplified application sustainability; and limited exposure of the Government of Alberta’s (GoA) information management technology (IMT) infrastructure and information assets to vulnerabilities.​

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2017-03-22

  • Description: ​The Cloud Computing Reference Architecture standard will enable the Government of Alberta (GoA) to be an effective adopter of Cloud Computing, and provide more responsive and efficient IT services. The standard provides a "one-enterprise" approach for Cloud Computing to guide the GoA IT and government business.  Careful consideration is given to security, privacy, classification of information, and availability of the Cloud Computing services. The GoA will adopt the National Institute of Standards and Technology (NIST) Cloud Computing Reference Architecture with the amendments described in the "GoA Cloud Computing Reference Architecture" document.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Communication and Public Engagement

  • Description: ​​​The goals of the digital experience standard create a cohesive user experience for users of Government of Alberta (GoA) websites and applications, prioritizing ease of use, accessibility and readability.​​

  • Instrument type: Digital Service Standards

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2024-05-28

  • Description: ​​​​​​​The Digital Service Standards set clear expectations on how the Government of Alberta will deliver better, faster, smarter services. Through the standards and new supports and guidance, we’re shifting how teams develop and produce user-centred products for citizens and businesses in a safe and secure manner.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Protected A

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2025-03-20

  • Description: The Digital Trust and Identity Assurance Standard (DTIAS) establishes a framework for the secure management of digital trust, identity assurance, and governance in online interactions ​with externally facing digital services provided by the Government of Alberta (GoA). The standard ensures a consistent approach to identity assurance, access management, and governance for external parties engaging with government services.​

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2020-05-15

  • Description: ​​​​This document provides business areas and IMT solution designers with a set of common solutions to electronic signature needs within the government for both purely internal scenarios and for scenarios where the signatures must cross organization boundaries, inbound, outbound or both.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2020-05-15

  • Description: ​​The set of requirements for electronic signature solutions provided here supports the Electronic Signature Technical Standard. These requirements are to be used when designing a custom electronic signature solution or acquiring a new electronic signature solution for the government.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2020-05-15

  • Description: ​This document establishes the Government of Alberta's (GoA) technical standards for its information management and technology (IMT) solutions to its electronic signature business needs.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2015-10-27

  • Description: The standard below outlines the Government of Alberta (GoA) standard for an enterprise architecture framework. An enterprise architecture framework is the set of terminology, tools, processes, standards and best practises used to achieve an organization's goals with information technology. The GoA will adopt The Open Group Architecture Framework (TOGAF) as the standard for the GoA EA practice and as a guiding methodology to manage and run the GoA EA Program.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2015-11-30

  • Description: The standard outlines the Government of Alberta (GoA) standard for Enterprise Architecture Principles. Enterprise Architecture Principles are a set of overarching guidelines and rules that relate to Information Management Technology (IMT) architecture work across all areas of the Government of Alberta.  The principles reflect a level of consensus among the various government organizations of the GoA enterprise, and form the basis for making IT decisions.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2018-09-21

  • Description: ​​The Mobile Application Development Technical Standard is for the development of mobile applications for the Government of Alberta. These Standards are to be used when developing or updating mobile applications either for external distribution (via Apple Store, Google Play Store and Windows App Store) or internal GoA distribution.  The standards are a combination of Government of Alberta requirements and mobile requirements from mobile platforms such as Android, iOS and Windows.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2018-09-21

  • Description: ​​The Mobile Application Submission Standard is for the submission of mobile applications for internal and external distribution. All mobile applications ready for submission must follow these Standards in order to submit the application either via Service Alberta's internal distribution mechanisms or externally to mobile marketplaces such as the Apple App Store, Google Play Store and Windows App Store.

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Public

  • Owner: Technology and Innovation - Digital Design and Delivery

  • Last reviewed date: 2018-09-21

  • Description: ​​​The Mobile UI Design Technical Standard is for the development of mobile applications for the Government of Alberta (GoA) focusing on key UI design elements.  These Standards are to be used when developing or updating a mobile application either for internal GoA distribution or external distribution on mobile marketplaces such as Apple App Store, Google Play Store and Windows App Store.  The standards are a combination of Government of Alberta requirements and mobile UI design guidelines from mobile platforms such as Android, iOS and Windows

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2024-11-22

  • Description: This standard identifies the requirement for implementing REST APIs within the Government of Alberta. The general Web API Standard contains overarching requirements which also apply to REST APIs.​​

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2024-11-22

  • Description: This standard identifies the requirement for implementing SOAP APIs within the GoA. The general Web API Standard contains overarching requirements which also apply to SOAP APIs.​

  • Instrument type: Standard

  • Category: Software and systems development

  • Security classification: Protected A

  • Owner: Technology and Innovation - Technology Support and Operations

  • Last reviewed date: 2024-11-22

  • Description: This standard addresses Web APIs as a whole within the GoA.​​ Web application programming interfaces (APIs) provide access to information, content, and solution functionality in a flexible, lower-cost, secure, managed way. They are a foundational element of the Government of Alberta​​​​ approach to supporting its digital government vision. Conformance to this standard will enable the GoA to reach that vision while balancing the costs, benefits, and risks of doing so.​​

© 2025 Government of Alberta