Creation Date:  2023-02-02
Category:  Risk Management
Effective Date:  2023-02-02
Version:  1.2
Last Reviewed:  2023-02-02
Security Classification:  Protected A
Scheduled Review Date:  2025-02-03
Status:  Approved


​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​The Cybersecurity Control Framework is designed to integrate risk and security management into Information Technology (IT) operations. IT must take a risk-based approach to operational activities, initiatives, projects, and services. Information and data that is not secured is subject to increasing levels of risk that can exceed the risk appetite and capacity of the GoA.

Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us:

Keywords: framework, control, cybersecurity