Information Security

The Digital Security and Risk team is responsible for protecting the confidentiality, integrity, and availability of much of the City’s systems, networks, applications, and data.

The City is committed to protecting the public's informational assets and providing essential resources to create an accountable, security-conscious culture.

The City's approach derived from industry best practices such as the Center for Information Security and NIST, which is outlined in our Information System and Security Policy. City systems are managed to ensure compliance with all applicable Federal, State and local laws and ordinances. This framework governs most City systems and processes to secure the public's data, including but not limited to emergency response, data classification, and security auditing. 

If you any questions, please contact CybersecurityRisk@seattle.gov.

Data Classification

The City classifies data for collection, transmission, storage and use, using the following categorizations:

  • Public information can be or currently is released to the public. It does not need protection from unauthorized disclosure but does need integrity and availability protection controls. This would include general public information, published reference documents (within copyright restrictions), open source materials, approved promotional information, and press releases. ·        
  • Sensitive information may not be specifically protected from disclosure by law and is for official use only. Sensitive information is generally not released to the public unless specifically requested. Although most of this information is subject to disclosure laws because of the City's status as a public entity, it still requires careful management and protection to ensure the integrity and obligations of the City's business operations and compliance requirements.
  • Confidential information is information that is specifically protected in all or in part from disclosure under the State of Washington Public Disclosure Laws.
  • Confidential information requiring special handling is specifically protected from disclosure by law and subject to strict handling requirements dictated by statutes, regulations, or legal agreements. 

For more information on how your data is used by the City, please, please visit our Privacy Program.

Emergency Response

Seattle IT works with the Office of Emergency Management to ensure critical systems are managed in alignment with the City's emergency management plan.  

Security Auditing

The City conducts various forms to audits to assess and improve security protections consistent with industry best practices, regulatory and legal requirements, and continuous monitoring principles.