Information Classifications and Handling

Information is recognized as a valuable asset to any organizations and should be properly protected. Classification is the first step towards a trustworthy environment for information. Support from the entire organization is essential to adopt data classification, and we would like to draw your attention to the importance of this initiative.

Not all data and information are equally important and objective of Information classification is to help determining and communicating the required level of protection.

Classification is driven by potential damage associated with data security breaches. Data classification is conducted by considering the consequences of unintended disclosure; modification, destruction, and inaccessibility. Some very common consequences are violation of laws and regulations, damage to reputation and public trust, financial loss, and cost of fixing.

Currently, we have four levels of information classification:

RESTRICTED Inappropriate release of such information could cause inconvenience to or endanger an individual, and result in financial loss or damage to standing or reputation at University level.
CONFIDENTIAL Inappropriate release of which could cause inconvenience to individuals, and result in limited financial loss or damage to standing or reputation at the unit level.
INTERNAL Non-sensitive operational data and disclosures are not expected to cause serious harm to the University.
PUBLIC Information for public consumption.

Please refer to the University's Information Security Policies and Standards for more details.