Information Assurance (IA) in the field of communication and information systems is the confidence that such systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users.

Effective Information Assurance shall ensure appropriate levels of:

• Authenticity

  the guarantee that information is genuine and from bona fide sources;

• Availability

  the property of being accessible and usable upon request by an authorised entity;

• Confidentiality

  the property that information is not disclosed to unauthorised individuals, entities or processes;

• Integrity

  the property of safeguarding the accuracy and completeness of assets and information;

• Non-repudiation

  the ability to prove an action or event has taken place, so that this event or action cannot subsequently be denied.

IA shall be based on a risk management process.