FAQs for Confidential Email - Information Classification and Protection (for Staff Only)

The University has established "Information Classification and Handling Standard" to classify, label and handle information resources based on their sensitivity, criticality, value, nature and the possible impact that could result from the unauthorised access, use or disclosure in accordance with legal, regulatory and contractual requirements.

The Microsoft Information Protection (MIP) framework is adopted to address the classification needs for email and electronic documents outlined in the standard. Sensitivity labels from the MIP let you classify email messages and documents in Microsoft 365. After a sensitivity label is applied to an email or document, any configured protection settings for that label are enforced on the content. For example, the "CityU Only" label may be applied to a document or email such that only people who have CityU credentials (EID) can access it. If the content is restricted for use by specific users, the "Restricted" label may be applied instead.

In CityU, the following label classification is used to facilitate the protection process:

  1. CityU Only (#cityuonly)
    Content is only accessible by people who have CityU credentials (i.e. EID).
  2. Staff Only (#staffonly / #internal)
    Content is only accessible by staff.
  3. Confidential (#confidential / #classified)
    Content is classified and encrypted for specific internal and external people.
  4. Restricted (#restricted)
    Content is restricted to specific users specified by the owner, and they are not allowed to share it further.
  5. Highly Confidential (#highlyconfidential / #viewonly / #readonly)
    Content is highly confidential and sensitive, which is strictly restricted to specific users for viewing only. They are not allowed to share it further nor copy/modify/print it.

FAQs for Confidential Email:

FAQs for protected and encrypted files: