INFORMATION CLASSIFICATION MATRIX AND HANDLING GUIDE
CATEGORY: PUBLIC or open
  DESCRIPTION: Information that may be broadly distributed without causing damage to the organization, its employees and stakeholders. The [PR Office/Marketing Dept/Information Security Management dept/etc.] must pre-approve the use of this classification. These documents may be disclosed or passed to persons outside the organization.
  SAMPLE DOCUMENTS/RECORDS: Marketing materials authorized for public release such as advertisements, brochures, published annual accounts, Internet Web pages, catalogues, external vacancy notices.
  MARKING: None
  PHYS & ADMIN CONTROLS: None
  REPRODUCTION: Unlimited
  DISTRIBUTION: No restrictions
  DESTRUCTION/DISPOSAL: Recycling/trash

CATEGORY: INTERNAL or proprietary
  DESCRIPTION: Most corporate information falls into this category. Information whose unauthorized disclosure, particularly outside the organization, would be inappropriate and inconvenient. Disclosure to anyone outside of [Company name] requires management authorization.
  SAMPLE DOCUMENTS/RECORDS: Departmental memos, information on internal bulletin boards, training materials, policies, operating procedures, work instructions, guidelines, phone and email directories, marketing or promotional information (prior to authorized release), investment options, transaction data, productivity reports, disciplinary reports, contracts, Service Level Agreements, internal vacancy notices, intranet Web pages.
  MARKING: "INTERNAL USE ONLY". Apply to bottom left corner of each page.
  PHYS & ADMIN CONTROLS:
    Author: responsible for proper markings.
    User: responsible for proper storage and document control.
  REPRODUCTION: Limited copies may be made only by employees, or by contractors and third parties who have signed an appropriate nondisclosure agreement.
  DISTRIBUTION:
    Internal: use an internal mail envelope.
    External: use a sealed envelope.
    Electronic: use internal email system. Encryption is required for transmission to external email addresses.
    FAXing: take care over the FAX number!
  DESTRUCTION/DISPOSAL:
    Paper documents: may be shredded.
    Electronic data: erase or degauss magnetic media. Send CDs, DVDs, dead hard drives, laptops etc. to IT for appropriate disposal.

CATEGORY: CONFIDENTIAL or restricted
  DESCRIPTION: Highly sensitive or valuable information, both proprietary and personal. Must not be disclosed outside of the organization without the explicit permission of a Director-level senior manager.
  SAMPLE DOCUMENTS/RECORDS: Passwords and PIN codes, VPN tokens, credit and debit card numbers, personal information (such as employee HR records, Social Security Numbers), most accounting data, other highly sensitive or valuable proprietary information.
  MARKING: "CONFIDENTIAL". Apply to bottom left corner of each page.
  PHYS & ADMIN CONTROLS:
    Originator: responsible for ensuring that confidential information is distributed on a strict need-to-know basis.
    Recipient: responsible for ensuring that confidential information is encrypted and/or kept under lock & key when not in use.
  REPRODUCTION: Limited copies may be made only by permission of originator or his/her designates. A signed authorization slip will be presented.
  DISTRIBUTION:
    Internal: use a sealed envelope inside an internal mail envelope. Hand deliver if possible.
    External: use a plain sealed envelope. Hand deliver or send by registered mail, courier etc.
    Electronic: use internal email system only. Encrypt data.
    FAXing: requires phone confirmation of receipt of a test page immediately prior to sending the FAX, and phone confirmation of full receipt.
  DESTRUCTION/DISPOSAL:
    Paper documents: shred using an approved cross-cut shredder.
    Electronic data: erase or degauss magnetic media. Send CDs, DVDs, dead hard drives, laptops etc. to IT for appropriate disposal.

Note: this classification scheme only relates to the confidentiality of the information. Similar schemes are feasible for integrity and availability requirements.