Australian Government Email Protective Marking Standard (EPMS)

What Is EPMS?

The Australian Government Email Protective Marking Standard (EPMS) establishes the requirements for applying protective markings or security classifications to emails exchanged within and between government entities.

By enforcing a consistent format for protective markings, this standard helps organizations maintain control over the flow of sensitive information through systems like email gateways. It ensures that data entering or leaving an entity is properly managed and safeguarded. For recipients, these markings provide clear guidance on the handling protections required to keep information secure.

What Is Sensitive or Classified Information?

The EPMS defines sensitive or classified information as information that, if disclosed, could have a negative impact on the national security, economic interests, or public safety of Australia. Sensitive or classified information can include the following:

Information about government policies or programs

Information about military or intelligence operations

Information about trade secrets or other confidential business information

Information about personal or financial information

Fortra Can Help You Comply with EPMS

Fortra can assist organizations in complying with the EPMS by providing a comprehensive data protection solution that addresses the specific requirements for managing and safeguarding sensitive information transmitted via email. Here’s how it helps:

Policy Enforcement

Fortra ensures that only emails with correct protective markings are sent, and it prevents accidental sharing of sensitive or classified information without proper security measures, reducing the risk of non-compliance.

Content Inspection and Filtering

The platform performs deep content inspection on every outgoing email, scanning both the email body and any attachments. This ensures that sensitive content, such as classified documents or confidential government information, is flagged or properly marked before it is sent.

Email Encryption

Fortra offers encryption for emails containing sensitive information, ensuring that marked emails are protected during transit and only accessible by authorized recipients.

Audit and Reporting

Fortra offers comprehensive auditing and reporting features that track every email sent within the organization, including which protective marking was applied, any policy violations, and details of sensitive data transfers. This information is compiled into detailed reports that can be used for internal reviews or provided during external audits.

Learn More About Email Protective Marking Standards

Australia's Email Protective Marking Standards are an important step in protecting sensitive and classified information. To learn more about how Fortra Data Classification Solutions can help you meet compliance requirements, download a copy of our datasheet.

Download EPMS Datasheet

How to Handle, Store, and Dispose of Email

The EPMS also requires organizations to:

Handle, store, and dispose of email containing sensitive or classified information in a secure manner.

Have a process in place for reviewing and approving the security classifications of email.

Have a process in place for monitoring and auditing the handling, storage, and disposal of email containing sensitive or classified information.

The EPMS requires all emails that contain sensitive or classified information to be marked with the appropriate security classification. The security classifications are as follows:

Protected

This classification is used for information that should be kept confidential.

Secret

This classification is used for information that is important to the national security of Australia.

Top Secret

This classification is used for information that is vital to the national security of Australia.

The email must also be marked with a caveat, if necessary, to indicate any additional special protections that are required. For example, if the email contains information that is subject to export controls, the email must be marked with a caveat that indicates this.

Resources

Blog

Top 10 Ways To Recognize a Phishing Email

Navigating the Australian Privacy Act 1988: Implications and Preparedness for Organizations

See Fortra DLP in Action

GET A DEMO