Security of information
All our work, from our operational response to our public communication, is based on information. We collect it from prisons, hospitals, mortuaries and refugee camps; but we get it from the media and from online communication channels as well.
Handling information safely and efficiently enables us to be more effective in protecting people affected by armed conflict, as well as our staff and partners and other parties involved. Information management and information security are indispensable for ensuring the relevance and accountability of our activities, and to enable the ICRC to act as a trusted manager of sensitive information.
'Information management', broadly defined, refers to the process of collecting, distributing and storing information. We use it to develop strategies and make decisions. It bolsters our accountability, helps us ensure the confidentiality of sensitive information, and enables us to build up and preserve our institutional memory.
Protecting information and information systems is becoming increasingly important at the ICRC, owing to the steady growth of our digital assets and the expansion of online communication. The ICRC's Information Security Framework guides our approach. It is based on three core principles of information security:
· Confidentiality: to ensure that information is classified and handled in accordance with the Information Handling Typology rules, and to ensure also that no information is disclosed to unauthorized individuals or entities
· Integrity: to maintain the accuracy and completeness of information over its entire lifecycle
· Availability: to guarantee that authorized parties are able to access information whenever necessary.