www.informationshield.com
Information Security Policies
Sample Data Classification Quick Reference Table
Policy #:
Effective Date: MM, DD, YYYY
Email: [email protected]
Version: 1.0
Contact: First Last, Title
Phone: 888.123.4567
OVERVIEW
This document provides a quick-reference guide for protecting information according to its
sensitivity classification based on a four-level classification scheme.
SPECIFIC CLASSIFICATION REQUIREMENTS
HIGHLY RESTRICTED Classification Table
Action | Requirement
Storage on Fixed Media | Encrypted
Storage on Exchangeable Media | Encrypted
Copying | Permission of Owner Required
Faxing | Encrypted Link plus Password Protected Recipient Mailbox or Attended Receipt
Sending By Public Network | Encrypted
Disposal | Shredding or Secure Disposal Boxes
Release to Third Parties | Owner Approval and Non-Disclosure Agreement
Electronic Media Labeling Required | External and Internal Labels
Hardcopy Labeling Required | Each Page if Loose Sheets; Front and Back Covers, and Title Page if Bound
Internal and External Mail Packaging | Address to Specific Person but Label Only on the Inside Envelope
Granting Access Rights | Owner Only
Tracking Process by Log | Recipients, Copies Made, Locations, Addresses, Those Who Viewed, and Destruction
CONFIDENTIAL Classification Matrix
Action | Requirement
Storage on Fixed Media | Encrypted or Physical Access Control
Storage on Exchangeable Media | Encrypted
Copying | Permission of Owner Advised
Faxing | Password Protected Recipient Mailbox or Attended Receipt
Sending By Public Network | Encrypted
Disposal | Shredding or Secure Disposal Boxes
Release to Third Parties | Owner Approval and Non-Disclosure Agreement
Electronic Media Labeling Required | External and Internal Labels
Hardcopy Labeling Required | Each Page if Loose Sheets; Front and Back Covers, and Title Page if Bound
Internal and External Mail Packaging | Address to Specific Person but Label Only on the Inside Envelope
Granting Access Rights | Owner Only
Tracking Process by Log | Not Required
Policy # CONFIDENTIAL Page 1
INTERNAL USE ONLY Classification Matrix
Action | Requirement
Storage on Fixed Media | Encryption Optional
Storage on Exchangeable Media | Encryption Optional
Copying | No Restrictions
Faxing | No Restrictions
Sending By Public Network | Encryption Optional
Disposal | Ordinary Trash Can
Release to Third Parties | Non-Disclosure Agreement
Electronic Media Labeling Required | No Label Required
Hardcopy Labeling Required | No Label Required
Internal and External Mail Packaging | Only One Envelope with No Markings
Granting Access Rights | Local Manager
Tracking Process by Log | Not Advised
PUBLIC Classification Matrix
Action | Requirement
Storage on Fixed Media | Encryption Not Advisable
Storage on Exchangeable Media | Encryption Not Advisable
Copying | No Restrictions
Faxing | No Restrictions
Sending By Public Network | Encryption Not Advisable
Disposal | Ordinary Trash Can
Release to Third Parties | No Restrictions
Electronic Media Labeling Required | Release Date plus Classification
Hardcopy Labeling Required | Release Date plus Classification
Internal and External Mail Packaging | Only One Envelope with No Markings
Granting Access Rights | No Restrictions
Tracking Process by Log | Not Advised
REFERENCES
CPL: 4.4. Asset Classification
ISO 27002: 7.2.1 Classification guidelines
NIST SP 800-53: MP-3 Media Labeling
RELATED DOCUMENTS
Information Classification Policy
APPROVAL AND OWNERSHIP
Created By | Title | Date | Signature
Policy Author | Information Security | MM, DD, YYYY |
Approved By | Title | Date | Signature
Executive Sponsor | President | MM, DD, YYYY |
REVISION HISTORY
Version | Revision Date | Review Date | Description
1.0 | MM, DD, YYYY | MM, DD, YYYY | Information Shield Template