Security of information

Security of information

The ICRC depends on pertinent information to understand the environments in which it operates, and to respond effectively to the needs of people affected by armed conflict and other situations of violence.
Article 20 November 2019

All our work, from our operational response to our public communication, is based on information. We collect it from prisons, hospitals, mortuaries and refugee camps; but we get it from the media and from online communication channels as well.

The information we handle is often of a sensitive nature, and is protected by our confidential approach and privilege not to testify.

Handling information safely and efficiently enables us to be more effective in protecting people affected by armed conflict, as well as our staff and partners and other parties involved. Information management and information security are indispensable for ensuring the relevance and accountability of our activities, and to enable the ICRC to act as a trusted manager of sensitive information.

Information management

'Information management', broadly defined, refers to the process of collecting, distributing and storing information. We use it to develop strategies and make decisions. It bolsters our accountability, helps us ensure the confidentiality of sensitive information, and enables us to build up and preserve our institutional memory.

Information security

Protecting information and information systems is becoming increasingly important at the ICRC, owing to the steady growth of our digital assets and the expansion of online communication. The ICRC's Information Security Framework guides our approach. It is based on three core principles of information security:

· Confidentiality: to ensure that information is classified and handled in accordance with the Information Handling Typology rules, and to ensure also that no information is disclosed to unauthorized individuals or entities

· Integrity: to maintain the accuracy and completeness of information over its entire lifecycle

· Availability: to guarantee that authorized parties are able to access information whenever necessary.