Information classification
The Information Classification Guidelines are designed to help understand the importance of information. This allows us to assess the methods used to create, store, transmit and destroy the data in our possession.
Where data is considered to have higher importance, every person who can access the file must take responsibility for handling it.
It should be used in conjunction with the clear desk policy, however, it doesn't just apply to printed or physical data. Electronic files and storage should also be considered for classification with access and other controls applied as necessary. These controls could include applying controls to disable editing or downloading of a file from the network.
We have included the minimum levels of access control:
Where data is considered to have higher importance, every person who can access the file must take responsibility for handling it.
It should be used in conjunction with the clear desk policy, however, it doesn't just apply to printed or physical data. Electronic files and storage should also be considered for classification with access and other controls applied as necessary. These controls could include applying controls to disable editing or downloading of a file from the network.
We have included the minimum levels of access control:
- Public - available to all
- Private - internal use
- Confidential - highest sensitivity with restricted access
Documentation: Information Classification
Have a question about data classification? Ask it here.