IMT Policy Tools Portal search

Access to Information Act

Tool type: Legislation
Security classification: Public
Owner: Service Alberta and Red Tape Reduction
Description: Establishes the legislative framework on access to information in the public sector. It provides for public accountability through a right of access to records under the control of public bodies.

View policy tool:
Access to Information Act

Alberta Evidence Act

Tool type: Legislation
Security classification: Public
Owner: Justice
Description: Provides rules on the admissibility of records in court proceedings.

View policy tool:
Alberta Evidence Act

Electronic Transactions Act

Tool type: Legislation
Security classification: Public
Owner: Technology and Innovation
Description: Provides legal recognition of information and records in electronic form; allows for the provincial government and the private sector to conduct business; electronically based on consent of the parties; sets out conditions related to electronic signatures; permits electronic activities related to contracts.

View policy tool:
Electronic Transactions Act

Government Emergency Management Regulation

Tool type: Legislation
Security classification: Public
Owner: Municipal Affairs
Description: Defines the responsibilities of departments in emergency situations; requires the protection of all assets and records maintained by respective ministries.

View policy tool:
Government Emergency Management Regulation

Government Organization Act

Tool type: Legislation
Security classification: Public
Owner: Executive Council
Description: Schedule 11, Section 14 of this Act identifies the government organizations that must comply with the records management program; provides for the enactment of regulations related to the program.

View policy tool:
Government Organization Act

Health Information Act

Tool type: Legislation
Security classification: Public
Owner: Health
Description: Governs the collection, use and disclosure of health information; how health information must be handled and protected; and the right of the public to access health records in the custody or under control of health care providers.

View policy tool:
Health Information Act

Historical Resources Act

Tool type: Legislation
Security classification: Public
Owner: Arts, Culture and Status of Women
Description: Section 9H of this Act identifies the responsibilities of the Provincial Archives of Alberta (PAA) for acquiring and preserving government records; identifies the PAA as the official repository for government records of enduring value.

View policy tool:
Historical Resources Act

Office of Statistics and Information Act

Tool type: Legislation
Security classification: Public
Owner: Treasury Board and Finance
Description: Governs the collection, compilation, analysis and publishing of statistics or other information relating to the commercial, industrial, financial, social, economic or other activities or conditions of Alberta.

View policy tool:
Office of Statistics and Information Act

Protection of Privacy Act

Tool type: Legislation
Security classification: Public
Owner: Technology and Innovation
Description: Establishes the legislative framework on the protection of personal information in the public sector. It mandates how a public body is to collect, use and disclose an individual’s personal information.

View policy tool:
Protection of Privacy Act

Records Management Regulation

Tool type: Legislation
Security classification: Public
Owner: Technology and Innovation
Description: Defines terms and outlines the membership and roles of the Alberta Records Management Committee (ARMC).

View policy tool:
Records Management Regulation

Electronic Release of Access to Information Response Packages

Tool type: Standard
Category: Access to information
Security classification: Public
Owner: Service Alberta and Red Tape Reduction
Last reviewed date: 2025-06-11
Description: Consistent practices related to the electronic release of response packages requested under the Access to Information Act (ATIA) support the modernization of access to information services and increase efficiencies.

View policy tool:
Electronic Release of Access to Information Response Packages

Fees for Access to Information Services Standard

Tool type: Standard
Category: Access to information
Security classification: Public
Owner: Service Alberta and Red Tape Reduction
Last reviewed date: 2025-06-11
Description: Ensuring that fees charged for services under the Access to Information Act (ATIA) are consistent, fair, and compliant with the ATIA supports transparent and effective provision of access to information services.

View policy tool:
Fees for Access to Information Services Standard

FOIP Guide for Deputy Ministers, Deputy Heads and Delegated Decision-Makers Directive

Tool type: Directive
Category: Access to information
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2023-05-30
Description: Describes the roles and responsibilities of Deputy Ministers, Deputy Heads, Delegated Decision Makers, Assistant Deputy Ministers, FOIP Operations, and Department Communications Directors in the decision-making process for responding to access to information requests under the FOIP Act, as well as outlines specific examples when each of the above groups need to be consulted and/or advice should be sought.

View policy tool:
FOIP Guide for Deputy Ministers, Deputy Heads and Delegated Decision-Makers Directive

Enhancement of Legacy Systems Directive

Tool type: Directive
Category: Application support
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2022-05-02
Description: This directive details the obligations for all GoA staff when seeking enhancements to legacy systems.

View policy tool:
Enhancement of Legacy Systems Directive
Related policy tool 1:
Information Handling when Decommissioning Systems and Applications

Managed Technical Service Standard

Tool type: Standard
Category: Application support
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2024-11-22
Description: This standard establishes an organizational approach for the management and delivery of Managed Technical Services (MTS). This approach ensures that these technical services adhere to industry best practices; are actively managed; are sustained on an ongoing basis; are consistently implemented; and limit the exposure of the Government of Alberta’s (GoA) information management and technology (IMT) infrastructure and information assets to vulnerabilities.

View policy tool:
Managed Technical Service Standard
Related policy tool 1:
Information Security Management Directives

Software Asset Management Directive

Tool type: Directive
Category: Application support
Security classification: Public
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2025-08-01
Description: This directive defines the obligations for all Government of Alberta staff with regards to the management of software assets.

View policy tool:
Software Asset Management Directive

Finance - 2022-015

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for records relating to financial activities in the Alberta Government ministries and agencies that currently use ARDA to disposition financial records.

View policy tool:
Finance - 2022-015

Acceptable Use of Microsoft Forms Guideline

Tool type: Guideline
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2025-08-26
Description: Microsoft Forms is a versatile application within the Microsoft 365 suite available to all Government of Alberta (GoA) staff that enables business areas to create, distribute, and analyze surveys and other information-gathering forms efficiently to facilitate data collection and support decision-making. This guideline is intended to educate GoA staff on the acceptable use of Microsoft Forms by providing considerations and acceptable use cases for using the technology.

View policy tool:
Acceptable Use of Microsoft Forms Guideline

Action Request Tracking System (ARTS) Usage Policy

Tool type: Policy
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2021-06-08
Description: The Action Request Tracking System (ARTS) Usage Policy establishes mandatory requirements for ARTS across the Government of Alberta (GoA). This policy ensures standardized usage and outlines roles and responsibilities for ARTS and its content.

View policy tool:
Action Request Tracking System (ARTS) Usage Policy
Related policy tool 1:
Data and Information Security Classification Standard
Related policy tool 2:
Information Security Management Directives (ISMD)

Action Requests - 1992/129-A001

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for responses to action requests received from Ministers' Offices.

View policy tool:
Action Requests - 1992/129-A001

Administrative Records Disposition Authority (ARDA) - 1986/050-A018*

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: May be used as a records retention and disposition schedule for common administrative records in Alberta Government ministries and agencies.

View policy tool:
Administrative Records Disposition Authority (ARDA) - 1986/050-A018*

Alienation of Government Records Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-09-16
Description: This directive applies when Government of Alberta (GoA) records are alienated to a third-party entity due to the GoA transferring accountability and responsibility for programs or services to that entity.

View policy tool:
Alienation of Government Records Directive
Related policy tool 1:
Records Management Regulation
Related policy tool 2:
Content Management Policy

Applying Electronic Signatures

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2024-04-01
Description: Guidance for applying electronic signatures within the Government of Alberta.

View policy tool:
Applying Electronic Signatures

Backup Systems – 2003/043-A001

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Provides a legal disposition authority to dispose of the records associated with the backup process, and the content of the backups; provides a common approach to backups for all ministries, agencies, boards and commissions of the Government of Alberta.

View policy tool:
Backup Systems – 2003/043-A001

Checklist for Cancellation of Duplicate Records Retention and Disposition Schedules

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-06-01
Description: This checklist clarifies the process for the identification and cancellation of duplicate records retention and disposition schedules (“schedules”) and/or items within a schedule (“schedule items”). The checklist supports implementation of the Duplicate Records Retention and Disposition Schedules Directive.

View policy tool:
Checklist for Cancellation of Duplicate Records Retention and Disposition Schedules
Related policy tool 1:
Duplicate Records Retention and Disposition Schedules Directive

Content Management Policy

Tool type: Policy
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2022-03-24
Description: This policy states the requirements to which departments will adhere when managing content. Content encompasses all records, data and/or information, regardless of format, state and/or classification.

View policy tool:
Content Management Policy
Related policy tool 1:
Information Controller and Information Custodian Directive
Related policy tool 2:
Data Management Roles Directive

Content Management Requirements Assessment and Risk Acceptance Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-06-01
Description: This guideline outlines recommendations for the assessment of content management requirements and documentation of potential content management risks by information controllers and custodians in the Government of Alberta (GoA).

View policy tool:
Content Management Requirements Assessment and Risk Acceptance Guideline
Related policy tool 1:
Content Management Policy
Related policy tool 2:
Information Controller and Information Custodian Directive

Core Content Standard Metadata Application Profile (CORMAP)

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-04-01
Description: The purpose of the Core Content Standard Metadata Application Profile (CORMAP) is to provide business rules and guidance on the use and application of the 15 descriptive metadata elements described in the Metadata Core Content Standard. These metadata elements are primarily based on internationally recognized Dublin Core metadata elements.

View policy tool:
Core Content Standard Metadata Application Profile (CORMAP)
Related policy tool 1:
Metadata - Core Content Standard

Damaged Records – 2011/002-A002

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for records that have been damaged (for example: harmed, contaminated or spoiled) during a disaster.

View policy tool:
Damaged Records – 2011/002-A002

Data and Information Management Framework

Tool type: Framework
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2018-03-01
Description: Describes a disciplined, consistent approach to managing information assets and creating information management policy instruments.

View policy tool:
Data and Information Management Framework

Data and Information Security Classification

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-12-02
Description: This standard describes four levels of security classifications that Ministries must apply to data and information. Appropriately classifying data and information is the first step in ensuring the confidentiality, integrity, trustworthiness, availability, and protection of privacy of data and information. This standard aligns with the Government of Canada's information security classification scheme, and enables better data and information sharing practices across jurisdictions.

View policy tool:
Data and Information Security Classification
Related policy tool 1:
Data and Information Security Classification Guideline

Data and Information Security Classification Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-12-01
Description: This guide outlines the standardized approach for the application of security classification to data and information in the custody and/or under the control of the Government of Alberta (GoA). The approach detailed in this guide supports implementation of the Data and Information Security Classification Standard and aligns with the data and information security classification levels established by the Government of Canada.

View policy tool:
Data and Information Security Classification Guideline
Related policy tool 1:
Data and Information Security Classification Standard

Data Ethics Framework

Tool type: Framework
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2025-07-01
Description: The Government of Alberta (GoA) is accountable for and committed to the ethical creation, collection, management (including access, disclosure, disposition) and use of data. This framework provides high-level strategic direction to maintain consistent and effective data ethics across the GoA in the rapidly evolving digital world. The Data Ethics Framework (DEF) demonstrates the GoA's commitment to data ethics by specifying principles that will inform the development of new and/or revision of existing policy instruments and by highlighting data ethics-related commitments the GoA will implement in support of the framework principles.

View policy tool:
Data Ethics Framework
Related policy tool 1:
Privacy Management Framework
Related policy tool 2:
Content Management Policy

Data Exchange Standards

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-11-01
Description: This standard establishes common format for data on how it is structured for sharing. This is required to ensure the clarity and the accuracy of data exchanged between Government of Alberta (GoA) applications. The standard enables consistent interpretation of data across different entities, minimizing the risk of misinterpretation or information loss.

View policy tool:
Data Exchange Standards

Data Management Roles Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2022-04-26
Description: This directive outlines some of the key roles required to manage data in the custody and/or under the control of the Government of Alberta departments as an enterprise resource; and how the key data management roles and layers interact with one another.

View policy tool:
Data Management Roles Directive
Related policy tool 1:
Content Management Policy
Related policy tool 2:
Information Controller and Information Custodian Directive

Desktop Shredders in Ministers’ Offices

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-02-08
Description: Guidance to assist Ministers’ Office staff with understanding their obligations in the management of transitory records and the specific circumstances that would allow for the use of desktop shredders in ministers’ offices.

View policy tool:
Desktop Shredders in Ministers’ Offices

Digital Records Conversion and Migration Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-07-31
Description: This standard establishes that the Government of Alberta adopts ISO 13008:2022 (E): Information and documentation – Digital records conversion and migration process which outlines requirements that must be met when converting digital records from one format to another, and when migrating digital records from one hardware or software configuration to another.

View policy tool:
Digital Records Conversion and Migration Standard
Related policy tool 1:
Digitization Standard
Related policy tool 2:
Digitization Guideline

Digitization Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-07-01
Description: This guideline outlines the standardized process for the digitization of content in the custody and/or under the control of the Government of Alberta. The process detailed in this guide supports implementation of the Digitization Standard, and aligns with the Canadian General Standards Board (CGSB) 72.34-2017, Electronic records as documentary evidence standard established by the Government of Canada.

View policy tool:
Digitization Guideline
Related policy tool 1:
Digitization Standard

Digitization Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-07-01
Description: This standard establishes the process that departments must implement when the goal of a digitization initiative is to create official digital records. The verified digital format must inherit and preserve the authoritative characteristics: authenticity, integrity, reliability, and useability of the official physical source records to be demonstrable, accessible, and admissible.

View policy tool:
Digitization Standard
Related policy tool 1:
Digitization Guideline
Related policy tool 2:
Metadata - Core Content Standard

Duplicate Records Retention and Disposition Schedules Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-06-01
Description: This directive clarifies operational roles and responsibilities for the identification and cancellation of duplicate records retention and disposition schedules (“schedules”) and/or items within a schedule (“schedule items”).

View policy tool:
Duplicate Records Retention and Disposition Schedules Directive
Related policy tool 1:
Checklist for Cancellation of Duplicate Records Retention and Disposition Schedules

Electronic File Naming Conventions

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-08-01
Description: Naming conventions are rules applied to electronic documents, folders, and other files (e.g., graphic files, spreadsheets, workflow diagrams, etc.). Naming electronic files consistently, logically, and in a predictable way distinguishes them from one another at a glance and facilitates reliable storage and retrieval.

View policy tool:
Electronic File Naming Conventions
Related policy tool 1:
Data Exchange Standards
Related policy tool 2:
Data and Information Security Classification Standard

Electronic Signature Metadata

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2017-02-01
Description: This standard describes the electronic signature process requirements, the specifications and the metadata requirements that ministries must implement to support the creation of authentic, reliable and trustworthy electronic records that have an electronic signature attachment or association.

View policy tool:
Electronic Signature Metadata

Electronic Signature Types Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2024-04-01
Description: This standard identifies the different types of electronic signatures used in, or received by, the Government of Alberta (GoA), and directly supports the GoA’s implementation of electronic signatures.

View policy tool:
Electronic Signature Types Standard
Related policy tool 1:
Electronic Signatures Solutions Guideline

Electronic Signatures Solutions Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2022-11-28
Description: This guideline describes the process that business areas must follow in order to use an approved electronic signature solution. This guideline is intended to help: identify risks and/or prohibitions associated with meeting legal and evidentiary requirements; mitigate potential risks; andensure the appropriate implementation and use of an approved electronic signature solution.

View policy tool:
Electronic Signatures Solutions Guideline
Related policy tool 1:
Electronic Signature Types Standard
Related policy tool 2:
Electronic Signature Metadata Standard

Email Decision Diagram

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-01-31
Description: This guide is intended to help public servants distinguish between emails that are official records and those that are transitory.

View policy tool:
Email Decision Diagram

Executive Office Records - 2007/020-A002

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for records relating to executive actions made in support of legislated mandates and corporate governance.

View policy tool:
Executive Office Records - 2007/020-A002

Fleet Management - 2019/020

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Service Alberta and Red Tape Reduction
Description: Used for managing light-duty vehicle leases and purchases of all departments, provincial agencies and fund administrators.

View policy tool:
Fleet Management - 2019/020

Human Resources - 2022-001

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for records relating to human resource activities in the Alberta Government ministries and agencies that currently use ARDA to disposition human resource records.

View policy tool:
Human Resources - 2022-001

Identifying Official and Transitory Records Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-10-15
Description: The intent of this guideline is to educate and empower Government of Alberta (GoA) staff to appropriately identify official and transitory records.

View policy tool:
Identifying Official and Transitory Records Guideline
Related policy tool 1:
Official and Transitory Records Directive
Related policy tool 2:
Retention and Disposition of Official and Transitory Records Guideline

Information Controller and Information Custodian Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2021-11-30
Description: This directive defines the roles and responsibilities of information controllers and information custodians in the Government of Alberta.

View policy tool:
Information Controller and Information Custodian Directive
Related policy tool 1:
Information Controller and Information Custodian Guideline

Information Controller and Information Custodian Guideline

Tool type: Guideline
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-12-22
Description: This guideline outlines recommendations for the assignment and documentation of information controllers and information custodians in the Government of Alberta. This guideline supports the implementation of the requirements detailed in the Information Controller and Information Custodian Directive.

View policy tool:
Information Controller and Information Custodian Guideline
Related policy tool 1:
Information Controller and Information Custodian Directive

Information Handling when Decommissioning Systems and Applications

Tool type: Guideline
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-08-27
Description: This document helps Government of Alberta staff meet requirements by detailing decommissioning scenarios and consultation contacts.

View policy tool:
Information Handling when Decommissioning Systems and Applications
Related policy tool 1:
Digital Records Conversion and Migration Standard
Related policy tool 2:
Records Retention and Disposition Schedules FAQ

Information Management and Technology - 2026/002

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for records relating to information management and technology activities in the Alberta Government ministries and agencies that currently use ARDA to disposition information management and technology records.

View policy tool:
Information Management and Technology - 2026/002

Information Management Readiness Organizational Change Events Playbook

Tool type: Procedure
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-01-24
Description: This playbook outlines key information management tasks, system updates, and communication approaches to ensure effective organizational change.

View policy tool:
Information Management Readiness Organizational Change Events Playbook

Information Management Strategy

Tool type: Strategy
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2014-01-14
Description: Articulates a clear vision for information management, including key business drivers, specific goals, strategies and projects.

View policy tool:
Information Management Strategy

Legal Services – 2017-004-A001

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for records relating to Legal Services Division's legal and strategic activities across the Government of Alberta.

View policy tool:
Legal Services – 2017-004-A001

Litigation Response and Information Discovery Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-03-07
Description: This directive details the content management obligations for all Government of Alberta staff (which includes, but is not limited to, contractors, volunteers, appointees, interns, and students working with a public body) when responding to litigation holds and engaging in information discovery activities.

View policy tool:
Litigation Response and Information Discovery Directive
Related policy tool 1:
Litigation Response and Information Discovery Guideline

Litigation Response and Information Discovery Guideline

Tool type: Guideline
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-06-01
Description: This guideline details the steps required for Government of Alberta (GoA) employees to identify, preserve, collect, process, and produce records responsive to active (or reasonably anticipated) litigation (e.g., a legal proceeding, investigation, audit, formal inquiry, and/or request for information). A coordinated information discovery process will ensure a repeatable and defensible process for litigation response activities across government.

View policy tool:
Litigation Response and Information Discovery Guideline
Related policy tool 1:
Litigation Response and Information Discovery Directive

Management of Instant and Text Messages Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-08-01
Description: This directive details the information management obligations for all Government of Alberta staff (which includes, but is not limited to, contractors, volunteers, appointees, interns, and students working with a public body) when handling instant and/or text messages.

View policy tool:
Management of Instant and Text Messages Directive

Managing Information in Executive Offices Reference Guide

Tool type: Guideline
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-10-09
Description: This information is to assist staff in Deputy Minister and Assistant Deputy Minister offices in the execution of their duties and responsibilities for managing information in their offices (executive offices).

View policy tool:
Managing Information in Executive Offices Reference Guide
Related policy tool 1:
Official and Transitory Records Directive
Related policy tool 2:
Information Controller and Information Custodian Guideline

Managing Lost and Compromised Content Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-08-01
Description: This directive outlines obligations for managing lost and compromised content in terms of notifying, assessing/investigating, and documenting; and reporting an incident to the appropriate business area and/or committee.

View policy tool:
Managing Lost and Compromised Content Directive
Related policy tool 1:
Content Management Policy
Related policy tool 2:
Information Controller and Information Custodian Directive

Managing OneDrive, Outlook and Desktop Content for Staff Transfers and Exits Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-08-01
Description: This standard establishes requirements for managing Outlook, OneDrive, and Desktop content when an employee transfers between areas or exits the Government of Alberta.

View policy tool:
Managing OneDrive, Outlook and Desktop Content for Staff Transfers and Exits Standard

Managing Records in Ministers' Offices Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2018-12-01
Description: This guideline offers specific guidance for managing the information produced and used in ministers’ and deputy ministers’ offices.

View policy tool:
Managing Records in Ministers' Offices Guideline
Related policy tool 1:
Identifying Official and Transitory Records Guideline

Managing Voicemail as Official Records Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-02-23
Description: This guideline outlines best practices for the management of information related to voicemail received on any Government of Alberta (GoA) phone (VOIP, landline, softphone, or mobile).

View policy tool:
Managing Voicemail as Official Records Guideline
Related policy tool 1:
Data and Information Security Classification
Related policy tool 2:
Metadata - Core Content

Metadata — Core Content Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-04-01
Description: This standard describes the foundational set of metadata elements to be applied to all electronic data/information resources within the Government of Alberta (GoA). These descriptive metadata elements provide context and meaning to assist with use and interpretation while supporting interoperability and extensibility across all business areas and disciplines. This standard is not intended for the application of technical metadata elements.

View policy tool:
Metadata — Core Content Standard

Metadata — Geospatial Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-10-01
Description: This standard applies to all geospatial data within the Government of Alberta (GoA). The purpose of this standard is to provide clarification and consistency in requirements around the creation and development of geospatial metadata.

View policy tool:
Metadata — Geospatial Standard
Related policy tool 1:
Metadata — Core Content Standard

Ministers' Offices – 2002/041-A001

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Used for ministry and cabinet records that are generated or received by ministers in their capacity as ministers of the crown.

View policy tool:
Ministers' Offices – 2002/041-A001

Official and Transitory Records Decision Diagram

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-10-15
Description: An aid for Government of Alberta employees to determine if a record is official or transitory.

View policy tool:
Official and Transitory Records Decision Diagram
Related policy tool 1:
Official and Transitory Records Directive
Related policy tool 2:
Identifying Official and Transitory Records Guideline

Official and Transitory Records Directive

Tool type: Directive
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-10-15
Description: This directive defines transitory and official records for the purposes of the Government of Alberta's records management program and reinforces established IM requirements.

View policy tool:
Official and Transitory Records Directive
Related policy tool 1:
Identifying Official and Transitory Records Guideline
Related policy tool 2:
Retention and Disposition of Official and Transitory Records Guideline

Open Data Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-10-01
Description: The purpose of this standard is to establish criteria for publishing data in the custody and/or control of the Government of Alberta (GoA) for public use, adaptation, and distribution under the Open Government Licence and to set the criteria that will be measured to determine the success of the program.

View policy tool:
Open Data Standard
Related policy tool 1:
Open Information and Open Data Policy
Related policy tool 2:
Metadata — Core Content Standard

Open Government Metadata Application Profile Standard

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-11-01
Description: This standard applies to all content in the Open Government Portal and the descriptive metadata that is created and maintained about the content.

View policy tool:
Open Government Metadata Application Profile Standard
Related policy tool 1:
Open Government Metadata Application Profile Standard Guide

Open Government Metadata Application Profile Standard Guide

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-11-01
Description: This guideline supports the Open Government Metadata Application Profile (OGMAP) by providing enhanced descriptions of the metadata elements provided in OGMAP for use in the Open Government Portal.

View policy tool:
Open Government Metadata Application Profile Standard Guide
Related policy tool 1:
Open Government Metadata Application Profile Standard

Open Information and Open Data Policy

Tool type: Policy
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2013-12-03
Description: The Open Information and Open Data Policy provides a framework to establish the operational responsibilities, organization, processes, tools and other resources required for a single approach to the open data and open information programs. The policy also provides foundational assurance and guidance to staff from across the Government of Alberta with respect to identifying, preparing, and publishing data and information through the open data and open information portals on a routine basis going forward.

View policy tool:
Open Information and Open Data Policy

Orphaned Records Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-07-01
Description: This guideline outlines activities and accountabilities staff and/or business areas are to undertake when orphaned Government of Alberta records are discovered. Incidences of truly orphaned records are rare. However, when these records are discovered, it is essential to determine the appropriate information controller and business areas that should have custody and control of these records to continue the information management (IM) lifecycle.

View policy tool:
Orphaned Records Guideline
Related policy tool 1:
Information Controller and Information Custodian Directive

Records Management Program

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-02-28
Description: This standard provides the foundation for establishing a records management program in the Government of Alberta (GoA). This standard will help to ensure the integrity of the records management program, the authenticity and reliability of records, that appropriate attention and protection is given to all records, and that evidence and information contained within those records can be retrieved efficiently and effectively.

View policy tool:
Records Management Program
Related policy tool 1:
Digital Records Conversion and Migration Standard

Records Retention and Disposition Schedules: Questions and Answers

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-10-15
Description: Frequently asked questions about records and retention schedules for Government of Alberta and public agency staff.

View policy tool:
Records Retention and Disposition Schedules: Questions and Answers

Retention and Disposition of Official and Transitory Records Guideline

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-10-15
Description: The intent of this guideline is to educate and empower government staff to properly handle and dispose of transitory records, and communicate the requirements and procedures that government staff must follow for the retention and disposition ofofficial records.

View policy tool:
Retention and Disposition of Official and Transitory Records Guideline
Related policy tool 1:
Official and Transitory Records Directive
Related policy tool 2:
Identifying Official and Transitory Records Guideline

Safeguarding Government Information Guide

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-08-01
Description: Alberta Public Service (APS) employees have a responsibility to take reasonable steps to safeguard government information, regardless of whether they are the creator or recipient of the information. This guide has been created to assist APS employees in securing their workplace and the information they create and manage on behalf of the people of Alberta.

View policy tool:
Safeguarding Government Information Guide
Related policy tool 1:
Acceptable Use of GoA IT Assets Directive
Related policy tool 2:
Data and Information Security Classification Standard

Saving and Exporting Messages in Teams Chats

Tool type: Guideline
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2024-07-01
Description: Provides guidance for capturing and exporting information from Microsoft Teams in alignment with the Management of Instant and Text Messages Directive.

View policy tool:
Saving and Exporting Messages in Teams Chats
Related policy tool 1:
Management of Instant and Text Messages Directive

Transitory Records – 1995/007-A003

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Technology and Innovation
Description: Transitory records containing sensitive or confidential information must be securely destroyed or deleted.

View policy tool:
Transitory Records – 1995/007-A003

Video Recording, Streaming and Sharing Directive

Tool type: Directive
Category: Content management
Security classification: Protected A
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-02-10
Description: This directive details the obligations for all Government of Alberta (GoA) staff (which includes, but is not limited to, contractors, volunteers, appointees, interns and students working with a public body) when using video recording, streaming and/or sharing services (“video services").

View policy tool:
Video Recording, Streaming and Sharing Directive

Wellness, Health and Safety - 2023/002

Tool type: Schedule
Category: Content management
Security classification: Public
Owner: Public Service Commission
Description: Used for records relating to employees' vaccinations and exemptions from being vaccinated.

View policy tool:
Wellness, Health and Safety - 2023/002

Work Process Analysis

Tool type: Standard
Category: Content management
Security classification: Public
Owner: Technology and Innovation - Data and Content Management
Last reviewed date: 2025-02-28
Description: Work process analysis is the required foundation for establishing and maintaining consistent information management and is necessary to determine requirements for records creation, capture and control across all Government of Alberta departments. Work process analysis is a research methodology that analyzes the context of an organization's business activities (e.g., legislative mandates), what business activities an organization conducts, what records are created by an organization's business activities, and how records created by an organization's business activities relate to the business activities that created them.

View policy tool:
Work Process Analysis
Related policy tool 1:
Records Management Program Standard

Acceptable Use of GoA IMT Assets Directive

Tool type: Directive
Category: Cybersecurity
Security classification: Public
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-03-04
Description: This directive outlines the acceptable use of IMT assets, allowable personal use and compliance consequences of improper use. The Government of Alberta (GoA) owns the data and information that it collects, processes, stores, transmits, and receives. The GoA provides employees with business tools, applications and services that assist in meeting GoA business requirements for sharing information and data, enabling collaboration between departments and the public. GoA employees are provided with the access required to perform tasks on behalf of Albertans and are, therefore, responsible for managing the information and data on behalf of the GoA.

View policy tool:
Acceptable Use of GoA IMT Assets Directive

Accessing GoA IT Resources with Non-GoA-Managed Devices Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-04-10
Description: This standard outlines the access and use of Government of Alberta (GoA) IT resources from non-GoA-managed devices or hardware and for equipment that is not supported by GoA service teams.

View policy tool:
Accessing GoA IT Resources with Non-GoA-Managed Devices Standard
Related policy tool 1:
Information Security Management Directives

Application Access Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-02-11
Description: The Application Access Control Policy describes the Government of Alberta’s Policy for the administration of user access to applications and systems and to ensure protection from unauthorized access and use.

View policy tool:
Application Access Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Application Vulnerability Reporting Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2023-10-17
Description: The GoA has adopted the recently developed Security.txt vulnerability reporting standard that is rapidly being adopted by organizations worldwide. The standard describes GoA’s guidelines for vulnerability reporting to the GoA by Third-Parties.

View policy tool:
Application Vulnerability Reporting Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
Digital Solution Security Standard

Artificial Intelligence Usage Policy

Tool type: Policy
Category: Cybersecurity
Security classification: Public
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-05-01
Description: This policy enables and empowers Government of Alberta staff to use artificial intelligence in a transparent, responsible, secure, ethical and human-centered manner.

View policy tool:
Artificial Intelligence Usage Policy
Related policy tool 1:
Data Ethics Framework
Related policy tool 2:
Privacy Management Framework

Change Management Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-12-04
Description: This document establishes the control objectives for the GoA Information Technology (IT) Change Management Control (Change Management).

View policy tool:
Change Management Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Cryptographic Algorithms Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-03-11
Description: This standard identifies cryptographic algorithms approved by the Cybersecurity Division for use on Government of Alberta (GoA) digital systems, servers, services, and networks. The cryptographic algorithms considered acceptable for use in the GoA are based on those identified by the Communications Security Establishment Canada (CSEC). These algorithms are used to protect GoA information at rest, and in transit.

View policy tool:
Cryptographic Algorithms Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
Data and Information Security Classification Standard

Cyber Threat Intelligence Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-06-07
Description: The Cyber Threat Intelligence Control Policy ensures that all operational, strategic, and tactical cybersecurity activities are informed, and in-part driven by observed and documented adversary behaviour. This ensures that security decisions affecting Information Management and Technology (IMT) assets are grounded in observation and less prone to subjective judgement. This control policy establishes cyber threat intelligence practices for the collection, assessment, dissemination, and actioning of threat intelligence across the Cybersecurity Division (CSD).

View policy tool:
Cyber Threat Intelligence Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Cybersecurity Awareness Program Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-03-11
Description: The purpose of this policy instrument is to ensure that all GoA personnel are aware of the GoA Information Security Management Directives (ISMD) and understand their responsibility to protect GoA information and data assets. All GoA personnel are therefore required to complete mandatory Cybersecurity Awareness training.

View policy tool:
Cybersecurity Awareness Program Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Cybersecurity Control Framework

Tool type: Control Framework
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-10-20
Description: The Cybersecurity Control Framework is designed to integrate risk and security management into Information Technology (IT) operations. IT must take a risk-based approach to operational activities, initiatives, projects, and services. Information and data that is not secured is subject to increasing levels of risk that can exceed the risk appetite and capacity of the GoA.

View policy tool:
Cybersecurity Control Framework
Related policy tool 1:
Information Security Management Directives

Cybersecurity Incident Handling and Response Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-08-06
Description: Defines the Government of Alberta’s (GoA) requirements for detecting and responding to cybersecurity incidents and events. This includes preparation, identification, containment, eradication, recovery and incident follow-up.

View policy tool:
Cybersecurity Incident Handling and Response Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Cybersecurity Intake Sound Check

Tool type: Form
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2022-11-16
Description: The Cybersecurity Intake Sound Check is a prerequisite for IMT projects. Before project initiation, as part of investment and portfolio management, program areas complete this questionnaire to define the cybersecurity requirements associated with their projects. These requirements include the need to classify information assets, determine the size of the project, identify proposed technology platforms and facing (internal or external), and provide or perform a Security Threat Risk Assessment (STRA).

View policy tool:
Cybersecurity Intake Sound Check
Related policy tool 1:
Solution Acquisition and Development Control

Cybersecurity Management Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-08-14
Description: The Cybersecurity Management Control Policy defines the Cybersecurity Division’s information security management control objectives, aligns with the Information Security Management Directives (ISMD), and establishes a risk-based approach for cybersecurity operations. The Cybersecurity Division implements security controls and countermeasures that reduce the risk of a breach of confidentiality, protect data integrity, and ensure the resiliency of digital services.

View policy tool:
Cybersecurity Management Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Cybersecurity Policy

Tool type: Policy
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-09-19
Description: This Cybersecurity Policy expresses the GoA’s commitment to managing cybersecurity risks effectively and efficiently. It establishes the foundation for all cybersecurity activities and focuses on the authority to develop and manage cybersecurity policy instruments and controls for the GoA.

View policy tool:
Cybersecurity Policy
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Cybersecurity Risk Management Framework

Tool type: Framework
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-11-27
Description: The Cybersecurity Risk Management Framework (CRMF) outlined in this document is designed to establish a robust, sustainable cybersecurity framework that reduces risks, strengthens the security posture of the Government of Alberta (GoA) and aligns with the Information Security Management Directives (ISMD).

View policy tool:
Cybersecurity Risk Management Framework
Related policy tool 1:
Information Security Management Directives

Cybersecurity Risk Management Process Guide

Tool type: Guideline
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-08-14
Description: This process guide is intended for use by Cybersecurity Services Division, business areas and other security practitioners to help understand Department IT security risks, prepare and conduct Security Threats and Risks Assessments (STRAs) if need be, in a timely manner as new projects are initiated. This process guide is intended to provide a context for assessing and managing IT risks and reporting high exposure risks to management and risk owners.

View policy tool:
Cybersecurity Risk Management Process Guide

Data and Information Security in the Cloud Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-02-11
Description: The Data and Information Security in the Cloud standard defines the security controls that are required to secure Government of Alberta (GoA) data and information assets that are managed, accessed, and stored in the Cloud.

View policy tool:
Data and Information Security in the Cloud Standard
Related policy tool 1:
Data and Information Security Classification Standard

Data and Information Security on Premise Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2023-12-01
Description: The Data and Information Security on Premise standard defines the security measures and controls required to secure Government of Alberta (GoA) data and information assets processed, stored, or in transit across GoA internal networks (Intranet).

View policy tool:
Data and Information Security on Premise Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
Cryptographic Algorithms Standard

Digital Service Hardening Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2026-01-06
Description: This standard outlines the minimum requirements for a server or service to be classified as hardened in the Government of Alberta (GoA).This standard replaces the Server Hardening Standard.

View policy tool:
Digital Service Hardening Standard
Related policy tool 1:
Information Security Management Directives

Digital Solution Security Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-10-10
Description: This standard defines Government of Alberta (GoA) requirements for the secure and consistent configuration, development, deployment, and maintenance of GoA information management and technology (IMT) solutions, information, and data. This standard replaces the Application Security Standard.

View policy tool:
Digital Solution Security Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
Data and Information Security Classification Standard

Digital User Credentials Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-10-10
Description: The Digital User Credentials Standard establishes the Government of Alberta (GoA) password credentials requirements for various account scenarios. Passwords (or pass phrases) are an important aspect of computer security. A user’s credentials are the first line of defense in the protection of user accounts. A poorly chosen password may result in a compromise of GoA network. As such, all GoA employees (including contractors and vendors with access to GoA systems, are responsible for taking the appropriate steps to select and secure their password. As such, all GoA employees (including contractors and vendors with access to GoA systems, are responsible for taking the appropriate steps to select and secure their password.

View policy tool:
Digital User Credentials Standard
Related policy tool 1:
Information Security Management Directives

Disaster Recovery Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-08-06
Description: Defines requirements for responding to disasters that could adversely impact Government of Alberta (GoA) Information Technology (IT) and business operations. This control policy ensures plans and processes are in place for the GoA to adequately respond to human induced or natural disasters. These disasters could negatively impact core IT services and critical business application availability over an extended period of time (24 hours or greater).

View policy tool:
Disaster Recovery Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Encrypted Traffic Inspection

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-10-22
Description: The Encrypted Traffic Inspection Standard specifies the approach and controls governing the interception, decryption, and inspection of traffic entering or exiting Government of Alberta (GoA) Information Technology (IT) environments. Traffic inspection provides additional detection and prevention capabilities against malicious activities and malware targeting GoA information and data assets.

View policy tool:
Encrypted Traffic Inspection
Related policy tool 1:
Information Security Management Directives

End-user Computing Devices Encryption Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-03-10
Description: This standard provides guidance on encryption services required for Government of Alberta (GoA) end-user computing devices.

View policy tool:
End-user Computing Devices Encryption Standard
Related policy tool 1:
Cryptographic Algorithms Standard
Related policy tool 2:
Information Security Management Directives

External Access to Non-Production Services Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-02-01
Description: This standard seeks to limit external (internet) access to non-production Information Management and Technology (IMT) systems to limit the potential of vulnerability exposure for Government of Alberta (GoA) applications where full security testing has not yet been completed.

View policy tool:
External Access to Non-Production Services Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
Statement of Acceptable Risk (SoAR) Process

GoA Accounts Naming Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected B
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-08-22
Description: This standard defines the Government of Alberta (GoA) naming standards for GoA Accounts used within Active Directory Services (ADS). This standard replaces the Naming Standard - GoA Network Accounts.

View policy tool:
GoA Accounts Naming Standard
Related policy tool 1:
Information Security Management Directives

GoA Anti-Malware Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-11-28
Description: This standard defines the Government of Alberta (GoA) requirements for implementing anti-malware systems used to detect and block malicious software, such as computer viruses, worms, spyware, and ransomware. Early detection of malware helps to reduce and manage potential risks to the GoA computing environment.

View policy tool:
GoA Anti-Malware Standard
Related policy tool 1:
Information Security Management Directives

Identity and Access Management Directive

Tool type: Directive
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-09-12
Description: This directive establishes minimum cybersecurity requirements to control who and what can access GoA systems and data. It ensures that the right individuals gain access to the right materials and records at the right time, as well as making it safe, secure, and simple to change access rights, group memberships, and other key attributes as users and systems, change, are added, or removed.

View policy tool:
Identity and Access Management Directive
Related policy tool 1:
Cybersecurity Policy
Related policy tool 2:
Information Security Management Directives

Information Security Incident Response Process

Tool type: Procedure
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-07-22
Description: This Standard Operating Procedure (SOP) provides the processes and instructions for managing information security Incidents and lessons learned in the Government of Alberta (GoA). It outlines the different types of security incidents that can occur and the detailed workflow processes that the GoA should follow when responding to a security incident.

View policy tool:
Information Security Incident Response Process

Information Security Management Directives

Tool type: Directive
Category: Cybersecurity
Security classification: Public
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-11-12
Description: The Information Security Management Directives establish corporate security requirements for Information Management and Technology (IMT) systems, and organizational roles and responsibilities for information security management within the Government of Alberta (GoA) and its departments. The directive statements identify the controls necessary to implement foundational IMT security within the Government of Alberta. GoA security standards and other policy instruments provide further information regarding the details surrounding the implementation of these directives.

View policy tool:
Information Security Management Directives
Related policy tool 1:
Cybersecurity Policy

IT Disaster Recovery Framework

Tool type: Framework
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-07-08
Description: The IT Disaster Recovery Framework integrates Policy, Standards, Risk and Procedures into a single structure and provides the building blocks for the Government of Alberta (GoA) Information Technology (IT) Disaster Recovery program and operations. The framework provides the structure for achieving ISMD compliance in a logical manner and documents appropriate levels of governance for all control activities. It is part of the GoA Cybersecurity Controls Framework.

View policy tool:
IT Disaster Recovery Framework

IT Disaster Recovery Playbook

Tool type: Guideline
Category: Cybersecurity
Security classification: Public
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-05-12
Description: The IT disaster recovery playbook is a subset of the organization’s business continuity plan (BCP) which encompasses IT and non-IT aspects of business resumption such as facilities, personnel, and communications. The IT disaster recovery playbook outlines a series of procedures and protocols designed to help organizations effectively respond to different types of IT disasters and coordinate the resumption of IT services.

View policy tool:
IT Disaster Recovery Playbook

Log Management Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-02-11
Description: This standard describes security, event, and error logging requirements for Government of Alberta (GoA) servers, networks, and applications. Error and event logging assists GoA technical teams in detecting error and event trends that could lead to system failures. Events and events of interest are also used for correlation across networks and systems when a system fails, or a security incident occurs.

View policy tool:
Log Management Standard
Related policy tool 1:
Information Security Management Directives

Patch and Version Management Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-02-10
Description: The Patch and Version Management Standard establishes the cybersecurity requirements for managing and patching all Government of Alberta (GoA) managed devices and systems with appropriate security updates.

View policy tool:
Patch and Version Management Standard
Related policy tool 1:
Information Security Management Directives

Risk Management Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-03-04
Description: Defines the control objectives for identification, assessment, and management of cybersecurity risks (cyber risk) within the GoA. Cyber risk is managed through risk assessment, threat identification, vulnerability assessment, and documented processes for reporting and treating risk.

View policy tool:
Risk Management Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Secrets Management Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-01-29
Description: The Secrets Management Standard establishes cybersecurity requirements for managing secrets across all solutions managed or operated by the Government of Alberta.

View policy tool:
Secrets Management Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
Digital Service Hardening Standard

Secure Digital Media Sanitization

Tool type: Standard
Category: Cybersecurity
Security classification: Public
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-08-28
Description: The Secure Digital Media Sanitization standard defines secure methods for sanitization (erasure) of electronic media including but not limited to magnetic, optical, and flash media, within the Government of Alberta.

View policy tool:
Secure Digital Media Sanitization
Related policy tool 1:
Information Security Management Directives

Security Threat and Risk Assessment (STRA) Process

Tool type: Procedure
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-10-31
Description: Process for tracking and managing the STRA lifecycle. Security Threat and Risks Assessments (STRA) must be conducted for all new IT systems and for substantial updates to existing systems.

View policy tool:
Security Threat and Risk Assessment (STRA) Process
Related policy tool 1:
Security Threat and Risk Assessment (STRA) Template

Security Threat and Risk Assessment (STRA) Template

Tool type: Form
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2023-04-26
Description: Security Threat and Risks Assessments (STRA) must be conducted for all new IT systems and for substantial updates to existing systems.

View policy tool:
Security Threat and Risk Assessment (STRA) Template
Related policy tool 1:
Security Threat and Risk Assessment (STRA) Process

Solution Acquisition and Development Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-01-24
Description: The purpose of this control is to establish risk and security management practices for the procurement, configuration, and development of Information Management Technology solutions in the Government of Alberta (GoA). The control objectives established in this policy apply whether the solution is developed in house, purchased as Commercial off the Shelf (COTS), open source, or a cloud-based solution (e.g., Software as a Solution (SaaS) or Platform as a Service (PaaS)). All solution delivery, including acquisition and development, regardless of type, must include risk and security management practices in all phases.

View policy tool:
Solution Acquisition and Development Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Solution Threat Modelling Guideline

Tool type: Guideline
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-02-12
Description: This standard establishes a comprehensive and integrated approach to conducting solution threat modelling within the Government of Alberta (GoA). Solution threat modelling enables Information Controllers, Information Custodians and solution delivery and acquisition teams to proactively identity threats and risks to GoA systems and data on an ongoing basis; proactively revise solution requirements, architectures, and designs for the identified threats and risks; and improve their ability to manage their remaining solution risks and their associated costs by integrating their threat model into GoA’s Security Threat and Risk Assessment (STRA) process.

View policy tool:
Solution Threat Modelling Guideline
Related policy tool 1:
Solution Threat Modelling Standard
Related policy tool 2:
Data and Information Security Classification Standard

Solution Threat Modelling Standard

Tool type: Standard
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-02-12
Description: This standard establishes a comprehensive and integrated approach to conducting solution threat modelling within the Government of Alberta (GoA).

View policy tool:
Solution Threat Modelling Standard
Related policy tool 1:
Solution Threat Modelling Guideline
Related policy tool 2:
Information Security Management Directives

Statement of Acceptable Risk (SoAR) Process

Tool type: Procedure
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-10-31
Description: The Statement of Acceptable Risk (SoAR) is a vehicle for the information Controller to document risks along with existing and proposed mitigations. The SoAR is also used to identify risks relating to IMT Policy Instruments, exceptions and/or deviations (e.g. temporary patching exemption, modification of security control). SoAR are facilitated and collected by Cybersecurity Services.

View policy tool:
Statement of Acceptable Risk (SoAR) Process
Related policy tool 1:
Statement of Acceptable Risk (SoAR) Template

Statement of Acceptable Risk (SoAR) Template

Tool type: Form
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2021-10-01
Description: The Statement of Acceptable Risk (SoAR) is a vehicle for the information Controller to document risks along with existing and proposed mitigations. The SoAR is also used to identify risks relating to IMT Policy Instruments, exceptions and/or deviations (e.g. temporary patching exemption, modification of security control). SoAR are facilitated and collected by Cybersecurity Services.

View policy tool:
Statement of Acceptable Risk (SoAR) Template
Related policy tool 1:
Statement of Acceptable Risk (SoAR) Process

System Administrative Account Conditions of Use

Tool type: Standard
Category: Cybersecurity
Security classification: Protected B
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2025-08-22
Description: This standard defines the requirements for managing system administrative accounts, including oversight, monitoring, and audit controls to manage potential security and business risks associated with unauthorized access or misuse of these accounts. This standard supports Information Security Management Directives (ISMD) Sections 2.1.2 and 2.1.16 (Protect).

View policy tool:
System Administrative Account Conditions of Use
Related policy tool 1:
Information Security Management Directives

Vulnerability Management Control

Tool type: Control
Category: Cybersecurity
Security classification: Protected A
Owner: Technology and Innovation - Cybersecurity
Last reviewed date: 2024-12-04
Description: Establishes the control objectives for the vulnerability management program. It mandates ongoing scanning, investigation, analysis, and reporting of the risk associated with vulnerabilities and ensures that these weaknesses are prioritized for remediation based on the risk to Government of Alberta (GoA) systems and data.

View policy tool:
Vulnerability Management Control
Related policy tool 1:
Cybersecurity Control Framework
Related policy tool 2:
Information Security Management Directives

Government of Alberta Communications Policy

Tool type: Policy
Category: Governance
Security classification: Public
Owner: Communication and Public Engagement
Last reviewed date: 2018-09-18
Description: The Government of Alberta is committed to making it easy for Albertans to understand and use government information in all forms and formats. The intent of this policy is to ensure that government communications are coordinated and effective and give Albertans the information they need. Communicating with Albertans is a key function of government, involving officials and employees at all levels. This policy guides all ministries and all government employees.

View policy tool:
Government of Alberta Communications Policy

Government of Alberta Web Governance Policy

Tool type: Policy
Category: Governance
Security classification: Public
Owner: Communication and Public Engagement
Last reviewed date: 2018-12-20
Description: Provides the rules governing Government of Alberta staff for the creation, maintenance, review and decommissioning of public-facing web properties.

View policy tool:
Government of Alberta Web Governance Policy

IMT Prioritization and Investment Principles

Tool type: Policy
Category: Governance
Security classification: Protected A
Owner: Technology and Innovation
Last reviewed date: 2011-03-30
Description: A document that outlines the GoA IMT prioritization and investment principles.

View policy tool:
IMT Prioritization and Investment Principles

IMT Strategy

Tool type: Strategy
Category: Governance
Security classification: Protected A
Owner: Technology and Innovation
Last reviewed date: 2011-03-21
Description: This document outlines the requirements to developing and establishing a single-enterprise approach to IMT. These requirements include co-ordinated planning, integration of IMT infrastructure planning into the capital planning process, sound governance and improved project-execution skills. The strategies in this document will enable the new IMT model to transform how information technology across government is planned, operated and managed.

View policy tool:
IMT Strategy
Related policy tool 1:
IMT Policy Definition

End User Computing Single Device Directive

Tool type: Directive
Category: Hardware
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2024-12-05
Description: The purpose of this directive is to ensure that the EUC service operates in a cost-effective manner and within its assigned budget. The principle of “one user, one device” is key to achieving this goal, as computing devices are leased from a vendor. The return of devices that are not currently in use is key to avoiding unnecessary costs.

View policy tool:
End User Computing Single Device Directive

Excessive Mobile Device Bill Repayment Procedure

Tool type: Procedure
Category: Mobile devices
Security classification: Public
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2020-07-07
Description: This procedure will guide ministry Senior Financial Officers, ministry expenditure officers, and Government of Alberta (GoA)-assigned mobile device end-users in the fair and consistent repayment of excessive bills.

View policy tool:
Excessive Mobile Device Bill Repayment Procedure
Related policy tool 1:
Mobile Device Policy

Mobile Device Policy

Tool type: Policy
Category: Mobile devices
Security classification: Public
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2020-07-07
Description: This policy provides government-wide guidance o both expenditure officers and end-users on the proper procurement, use and disposal of Government of Alberta (GoA)-assigned mobile devices.

View policy tool:
Mobile Device Policy

Cloud Resources Tag and Label Standard

Tool type: Standard
Category: Network infrastructure
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2027-09-30
Description: This standard provides a consistent approach for the application of descriptive tags and labels to all resources provisioned within Azure (Microsoft Azure), AWS (Amazon Web Services) and GCP (Google Cloud Platform) under the control of the Government of Alberta (GoA).

View policy tool:
Cloud Resources Tag and Label Standard
Related policy tool 1:
Data and Information Security Classification Standard

Cloud Services Policy

Tool type: Policy
Category: Network infrastructure
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2022-09-20
Description: The purpose of the GoA Cloud Services Policy is to provide clear direction and establish the principles and guidelines to enable adoption of Cloud services. Adoption of Cloud Services is important for the GoA to transition to a Digital Government and transform service delivery.

View policy tool:
Cloud Services Policy
Related policy tool 1:
Data Security in the Cloud Standard
Related policy tool 2:
Data and Information Security Classification Standard

GoA ICT Specification - Enterprise Infrastructure Framework

Tool type: Framework
Category: Network infrastructure
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2020-10-05
Description: Communicates the design rationale, specification and operating standards for the shared environment.

View policy tool:
GoA ICT Specification - Enterprise Infrastructure Framework

GoA Sector, Department, and Entity Code Standard

Tool type: Standard
Category: Network infrastructure
Security classification: Public
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2019-06-15
Description: The standard below identifies the active code for the Government of Alberta Sectors, Departments, and Advisory Boards Committees or Councils. The departments, agencies, offices, boards and legislative officers are defined under the Government Organization Act, the Freedom of Information and Protection of Privacy Act or the Legislative Assembly of Alberta.

View policy tool:
GoA Sector, Department, and Entity Code Standard

Naming Standard - Email, Devices, Messaging and Objects

Tool type: Standard
Category: Network infrastructure
Security classification: Protected B
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2024-12-16
Description: his standard outlines Government of Alberta (GoA) naming requirements for email, device names, messaging names, and object names in the GoA Enterprise information technology (IT) environment.

View policy tool:
Naming Standard - Email, Devices, Messaging and Objects

Developing a Protection of Privacy Act Collection Notice

Tool type: Standard
Category: Privacy
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2025-06-11
Description: The Protection of Privacy Act (POPA) specifies the manner in which public bodies may collect personal information from individuals. The term “public bodies” includes all Government of Alberta departments and designated agencies, boards, and commissions (ABCs).

View policy tool:
Developing a Protection of Privacy Act Collection Notice

Guide to Identifying and Developing Personal Information Banks

Tool type: Guideline
Category: Privacy
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2023-12-07
Description: The Freedom of Information and Protection of Privacy Act (the FOIP Act) requires all public bodies to make a directory that lists the public body’s personal information banks (PIBs) available to the public for inspection and copying. The purpose of making this information available is to help the public know what personal information the public body might have about them as individuals. The purpose of this guide is to assist the public bodies with identifying PIBs and developing the list of PIBs in the custody or under the control of the public body.

View policy tool:
Guide to Identifying and Developing Personal Information Banks

Privacy Incident Procedure

Tool type: Procedure
Category: Privacy
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2026-02-27
Description: Under the Protection of Privacy Act (POPA), the Government of Alberta (GoA) is accountable for, and committed to, protecting and securing personal information, data derived from personal information, and non-personal data in its custody and/or under its control from unauthorized access, collection, use, disclosure, or destruction. This privacy incident procedure strengthens the GoA’s commitment to the protection of personal information and ensures compliance with reporting requirements under POPA.

View policy tool:
Privacy Incident Procedure

Privacy Management Framework

Tool type: Framework
Category: Privacy
Security classification: Public
Owner: Technology and Innovation - Innovation, Privacy and Stewardship
Last reviewed date: 2025-06-01
Description: The Privacy Management Framework (PMF) provides high-level strategic direction to maintain consistent and effective privacy management across the GoA in today's rapidly evolving digital world. The PMF demonstrates the government's commitment to the protection of personal information by:defining "privacy by design"; specifying Framework Principles that will inform the development and revision of new and/or existing policy instruments; highlighting privacy-related commitments the GoA will be implementing in support of the Framework Principles; and providing an overview of the roles, policy instruments and processes that support and articulate the Framework Principles.

View policy tool:
Privacy Management Framework
Related policy tool 1:
Data Ethics Framework
Related policy tool 2:
Content Management Policy

Application Development Stack Standard

Tool type: Standard
Category: Software and systems development
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2024-11-22
Description: This standard establishes an organizational approach for application development to ensure consistent implementation of and adherence to industry best practices; simplified application sustainability; and limited exposure of the Government of Alberta’s (GoA) information management technology (IMT) infrastructure and information assets to vulnerabilities.

View policy tool:
Application Development Stack Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
Solution Acquisition and Development Control

Cloud Computing Reference Architecture

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2017-03-22
Description: The Cloud Computing Reference Architecture standard will enable the Government of Alberta (GoA) to be an effective adopter of Cloud Computing, and provide more responsive and efficient IT services. The standard provides a "one-enterprise" approach for Cloud Computing to guide the GoA IT and government business. Careful consideration is given to security, privacy, classification of information, and availability of the Cloud Computing services. The GoA will adopt the National Institute of Standards and Technology (NIST) Cloud Computing Reference Architecture with the amendments described in the "GoA Cloud Computing Reference Architecture" document.

View policy tool:
Cloud Computing Reference Architecture

Digital Experience Standard

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Communication and Public Engagement
Description: The goals of the digital experience standard create a cohesive user experience for users of Government of Alberta (GoA) websites and applications, prioritizing ease of use, accessibility and readability.

View policy tool:
Digital Experience Standard

Digital Service Standards

Tool type: Digital Service Standards
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2024-05-28
Description: The Digital Service Standards set clear expectations on how the Government of Alberta will deliver better, faster, smarter services. Through the standards and new supports and guidance, we’re shifting how teams develop and produce user-centred products for citizens and businesses in a safe and secure manner.

View policy tool:
Digital Service Standards

Digital Trust and Identity Assurance Standard

Tool type: Standard
Category: Software and systems development
Security classification: Protected A
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2025-03-20
Description: The Digital Trust and Identity Assurance Standard (DTIAS) establishes a framework for the secure management of digital trust, identity assurance, and governance in online interactions with externally facing digital services provided by the Government of Alberta (GoA). The standard ensures a consistent approach to identity assurance, access management, and governance for external parties engaging with government services.

View policy tool:
Digital Trust and Identity Assurance Standard
Related policy tool 1:
Data and Information Security Classification
Related policy tool 2:
Digital Service Standards

Electronic Signature Technical Standard Common Solutions

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2020-05-15
Description: This document provides business areas and IMT solution designers with a set of common solutions to electronic signature needs within the government for both purely internal scenarios and for scenarios where the signatures must cross organization boundaries, inbound, outbound or both.

View policy tool:
Electronic Signature Technical Standard Common Solutions
Related policy tool 1:
Electronic Signatures Technical Standard
Related policy tool 2:
Electronic Signature Technical Standard Solution Requirements

Electronic Signature Technical Standard Solution Requirements

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2020-05-15
Description: The set of requirements for electronic signature solutions provided here supports the Electronic Signature Technical Standard. These requirements are to be used when designing a custom electronic signature solution or acquiring a new electronic signature solution for the government.

View policy tool:
Electronic Signature Technical Standard Solution Requirements
Related policy tool 1:
Electronic Signatures Technical Standard
Related policy tool 2:
Electronic Signature Technical Standard Common Solutions

Electronic Signatures Technical Standard

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2020-05-15
Description: This document establishes the Government of Alberta's (GoA) technical standards for its information management and technology (IMT) solutions to its electronic signature business needs.

View policy tool:
Electronic Signatures Technical Standard
Related policy tool 1:
Electronic Signature Technical Standard Common Solutions
Related policy tool 2:
Electronic Signature Technical Standard Solution Requirements

Enterprise Architecture Framework

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2015-10-27
Description: The standard below outlines the Government of Alberta (GoA) standard for an enterprise architecture framework. An enterprise architecture framework is the set of terminology, tools, processes, standards and best practises used to achieve an organization's goals with information technology. The GoA will adopt The Open Group Architecture Framework (TOGAF) as the standard for the GoA EA practice and as a guiding methodology to manage and run the GoA EA Program.

View policy tool:
Enterprise Architecture Framework

Enterprise Architecture Principles

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2015-11-30
Description: The standard outlines the Government of Alberta (GoA) standard for Enterprise Architecture Principles. Enterprise Architecture Principles are a set of overarching guidelines and rules that relate to Information Management Technology (IMT) architecture work across all areas of the Government of Alberta. The principles reflect a level of consensus among the various government organizations of the GoA enterprise, and form the basis for making IT decisions.

View policy tool:
Enterprise Architecture Principles

Mobile Application Development

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2018-09-21
Description: The Mobile Application Development Technical Standard is for the development of mobile applications for the Government of Alberta. These Standards are to be used when developing or updating mobile applications either for external distribution (via Apple Store, Google Play Store and Windows App Store) or internal GoA distribution. The standards are a combination of Government of Alberta requirements and mobile requirements from mobile platforms such as Android, iOS and Windows.

View policy tool:
Mobile Application Development
Related policy tool 1:
Mobile Application UI Design
Related policy tool 2:
Mobile Application Submission

Mobile Application Submission

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2018-09-21
Description: The Mobile Application Submission Standard is for the submission of mobile applications for internal and external distribution. All mobile applications ready for submission must follow these Standards in order to submit the application either via Service Alberta's internal distribution mechanisms or externally to mobile marketplaces such as the Apple App Store, Google Play Store and Windows App Store.

View policy tool:
Mobile Application Submission
Related policy tool 1:
Mobile Application Development
Related policy tool 2:
Mobile Application UI Design

Mobile Application UI Design

Tool type: Standard
Category: Software and systems development
Security classification: Public
Owner: Technology and Innovation - Digital Design and Delivery
Last reviewed date: 2018-09-21
Description: The Mobile UI Design Technical Standard is for the development of mobile applications for the Government of Alberta (GoA) focusing on key UI design elements. These Standards are to be used when developing or updating a mobile application either for internal GoA distribution or external distribution on mobile marketplaces such as Apple App Store, Google Play Store and Windows App Store. The standards are a combination of Government of Alberta requirements and mobile UI design guidelines from mobile platforms such as Android, iOS and Windows

View policy tool:
Mobile Application UI Design
Related policy tool 1:
Mobile Application Development
Related policy tool 2:
Mobile Application Submission

REST API Standard

Tool type: Standard
Category: Software and systems development
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2024-11-22
Description: This standard identifies the requirement for implementing REST APIs within the Government of Alberta. The general Web API Standard contains overarching requirements which also apply to REST APIs.

View policy tool:
REST API Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
SOAP API Standard

SOAP API Standard

Tool type: Standard
Category: Software and systems development
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2024-11-22
Description: This standard identifies the requirement for implementing SOAP APIs within the GoA. The general Web API Standard contains overarching requirements which also apply to SOAP APIs.

View policy tool:
SOAP API Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
REST API Standard

Web API Standard

Tool type: Standard
Category: Software and systems development
Security classification: Protected A
Owner: Technology and Innovation - Technology Support and Operations
Last reviewed date: 2024-11-22
Description: This standard addresses Web APIs as a whole within the GoA. Web application programming interfaces (APIs) provide access to information, content, and solution functionality in a flexible, lower-cost, secure, managed way. They are a foundational element of the Government of Alberta approach to supporting its digital government vision. Conformance to this standard will enable the GoA to reach that vision while balancing the costs, benefits, and risks of doing so.

View policy tool:
Web API Standard
Related policy tool 1:
Information Security Management Directives
Related policy tool 2:
REST API Standard

IMT Policy Tools Portal search

Featured

Filter

161 results

Access to information

Policy tool name

Application support

Policy tool name

Content management

Policy tool name

Cybersecurity

Policy tool name

Governance

Policy tool name

Hardware

Policy tool name

Mobile devices

Policy tool name

Network infrastructure

Policy tool name

Privacy

Policy tool name

Software and systems development

Policy tool name

Featured

Filter

161 results

Access to information

Policy tool name

Application support

Policy tool name

Content management

Policy tool name

Cybersecurity

Policy tool name

Governance

Policy tool name

Hardware

Policy tool name

Mobile devices

Policy tool name

Network infrastructure

Policy tool name

Privacy

Policy tool name

Software and systems development

Policy tool name

Quick links

About this site