Print Fallback Logo

Information Classification Policy

Asset Classification Categories, Type and Handling Methods

Category Type Asset Handling Methods

Public

Definition:

May be viewed by anyone, anywhere in the world.

Public information assets may include but are not limited to:

  • Principal contacts e.g. name/email address/telephone numbers for public-facing roles will be made freely available
  • Announcements from authorities
  • Publications
  • Press releases
 N.B some contacts are associated with specific job roles and responsibilities only and should not be released to the general public without consent.

Open

Definition:

Access is available to all.

Open information assets may include but are not limited to:

  • Contacts e.g. name/email address/telephone number
  • "Approved" communications e.g. news/updates to ensure their relevance to day to day activities
  • Policies/procedures/  processes

Secure handling may include but is not limited to:

Information should be formatted to enable basic security e.g. word documents converted into PDF to avoid tampering and disrepute. These include documents such as but not limited to:

  • Procedures
  • Policies
  • Guidelines

Confidential

Definition:

Access is limited to specified people with appropriate authorisation or on a need to know basis.

Confidential information assets may include but are not limited to:

  • Personal details or identifiable information includes: (name/address/telephone number/email address/date of birth/National Insurance number/ ethnic or racial origin/religious beliefs, physical or mental health/sexual life/ political opinions/trade union membership/ the commission or alleged commission of criminal offences).
  • Information relating to the private wellbeing of a person
  • Wage slips
  • Death certificates
  • PDR documents
  • Employee contract data
  • Non-Disclosure Agreements
  • Documents in "draft " format

Secure handling may include but is not limited to:

Paper Documents (In Transit/Rest)

  • Secure storage - locked (files/folders/cabinets)
  • Approved third party courier
  • Use sealed envelopes instead of the usual transit envelopes
  • Secure disposal

Electronic Information assets (In transit/rest)

  • Encryption
  • Password protection
  • SFTP (Secure file transfer protocol)
  • Secure file stores
  • Secure disposal
  • Reduced access rights/level of privileges

Strictly Confidential

Definition:

Access is controlled and restricted to a small number of named individuals/  authorities

Strictly Confidential information assets may include but are not limited to:

  • Bank details (sort code/account number)
  • Credit Card Details (PAN/CVV2/Expiry Date/PIN)
  • Financial data
  • Medical records Approved third party courier

Secure handling may include but is not limited to:

Paper documents (In transit/rest)

  • Secure storage - locked (files/folders/cabinets)
  • Approved third party courier
  • Use sealed envelopes instead of the usual transit envelopes

Electronic Information assets (In transit/rest)

  • Encryption
  • SFTP (secure file transfer protocol)
  • Secure file stores
  • Asset tags
  • Secure disposal
  • Access rights/Level of privileges

Secret

Definition:

Access is subject to or obtained under the Official Secrets Act.

Special circumstances may require differing controls above/or below) local circumstances.  Each requirement will be reviewed on a case by case basis in line with HMG controls.

HMG advice and guidance is subject to regular change.