Scribd
Upload
86 views2 pages

KT-ISMS-FR-03 Information Classification Chart

The document provides an information classification chart that outlines protection requirements for different types of sensitive information. It defines four classification levels - Strictly Confidential, Confidential, Business Use Only, and Public. The chart specifies how each classification level of information should be labeled, addressed, stored, transmitted, and disposed of, whether in printed or electronic format. Requirements are more stringent for higher classification levels and include encryption, locked storage, and certified secure destruction.

Uploaded by

Adil Abdulkhader
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
86 views2 pages

KT-ISMS-FR-03 Information Classification Chart

The document provides an information classification chart that outlines protection requirements for different types of sensitive information. It defines four classification levels - Strictly Confidential, Confidential, Business Use Only, and Public. The chart specifies how each classification level of information should be labeled, addressed, stored, transmitted, and disposed of, whether in printed or electronic format. Requirements are more stringent for higher classification levels and include encryption, locked storage, and certified secure destruction.

Uploaded by

Adil Abdulkhader
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 2

KT-ISMS-FR-03/D:01-11-2022/R:00

INFORMATION CLASSIFICATION CHART

Classification Protection requirements for information in printed format.

Usage Strictly Confidential Confidential Business use only Public

Labelling Each page to be marked STRICTLY CONFIDENTIAL. Each page to be marked CONFIDENTIAL. Each page to be marked Business No security requirements.
use only.

The storage medium must have two envelopes/layers of


packaging. The storage medium must have two envelopes/layers of
The outer envelope/layer must: packaging.
-Show the recipients name and address. The outer envelope/layer must:
-Be marked TO BE OPENED BY ADDRESSEE ONLY -Show the recipients name and address. Show the recipients name and Show the recipients name and
Addressing -Be marked TO BE OPENED BY ADDRESSEE ONLY address on envelope. address on envelope.
-Show the name and phone number of the sender of the
-Show the name and phone number of the sender of the
information. information.
The inner envelope must be labelled STRICTLY The inner envelope must be labelled CONFIDENTIAL.
CONFIDENTIAL.

No classification marking on envelope; STRICTLY


CONFIDENTIAL marking on cover sheet; confirmation of No classification marking on envelope; CONFIDENTIAL marking Mailing requirements determined by
Mailing of Information on cover sheet; confirmation of receipt at discretion. information owner. No security requirements.
receipt at discretion of information owner.

Must be stored within secure fire and water proof locked Secure office or other location.
storage units within a locked office. This includes single Must be stored within locked storage units when not in the Room need not be locked if access
Storage instance documents where no electronic or paper copies presence of the originator or recipient. to the building or floor is restricted No security requirements.
exist. to employees and authorised non-
employees.

Transportation By hand or approved courier. Registered mail. Normal mail service. Normal mail service.

Information which is deemed


appropriate for public disclosure can
be disposed of using locally supplied
Information must be disposed of securely using cross-cut Information must be disposed of waste paper facilities. If there is any
shredders or confidential waste bins which are certified for Information must be disposed of securely using strip-cut securely using strip-cut shredders or doubt as to whether the information
Disposal secure destruction. shredders or confidential waste bins which are certified for confidential waste bins which are is commercially or personally
A record must be kept of how, when and by whom the secure destruction. certified for secure destruction. sensitive, then use strip-cut
information was destroyed (To provide an audit trail). shredders or confidential waste bins
which are certified for secure
destruction.

Classification Protection requirements for information in electronic format (computer data)

Page 1 of 2
KT-ISMS-FR-03/D:01-11-2022/R:00
INFORMATION CLASSIFICATION CHART

Usage Strictly Confidential Confidential Business use only Public

Where information medium is not permanently held in locked


The information medium must be marked STRICTLY storage or a secure environment, it must be labeled Must be marked Business use only
Electronic Labelling CONFIDENTIAL on subject-line or header/footer. on subject-line or header/footer. No security requirements.
CONFIDENTIAL on subject-line or header/footer.

Information must be transmitted in encrypted form (using Information must be transmitted in encrypted form (using a Information should be transmitted
Transmission a business-approved method). Transmission should have business-approved method). Transmissions should have to a verified account (eMail address No security requirements.
controlled access e.g. password protected account login. controlled access e.g. password protected account login. or login ID).

Stored in a directory or folder with controlled access, e.g., Stored in a directory or folder with
Storage (e.g. digital file, password protection. Stored in a directory or folder with controlled access, e.g.,
eMail or web page) Information must be stored encrypted using approved password protection. Information must be stored encrypted. restricted access, e.g., password No security requirements.
methods. protection.

All removable media must have applied encryption Secure office or other location.
Removable media (e.g. USB including mobile devices e.g. Laptops, PDA’s, iPhones, All removable media must have applied encryption including Room need not be locked if access
stick, CD, laptop, Blackberries, USB Sticks. Laptop hard disks are to be mobile devices e.g. Laptops, PDA’s, iPhones, Blackberries, USB to the floor is restricted to
Sticks. Laptop hard disks are to be encrypted and the laptop is to No security requirements.
Blackberry) encrypted and the laptop is to be secure to desks using e.g. be secure to desks using e.g. Kensington locks. employees and authorised non-
Kensington locks. employees.

In addition to removing the directory entry for the file, the


Disposal of electronic space used by the file must be over-written using state of In addition to removing the directory entry for the file, the space
information (digital file). the art approved solutions for the permanent removal of used by the file must be over-written using state of the art Removal of Directory entry for file. Removal of Directory entry for file.
data. approved solutions for the permanent removal of data.

Information must be disposed of securely using state of Media must be disposed of securely Media must be disposed of securely
Disposal of physical the art approved solutions for the permanent removal of Media must be disposed of securely using state of the art using state of the art approved using state of the art approved
medium (e.g. hard data. approved solutions for the permanent removal of data (e.g. solutions for the permanent removal solutions for the permanent removal
disks/drives). A record must be kept of how, when and by whom the shredding or physical destruction). of data (e.g. shredding or physical of data (e.g. shredding or physical
information was destroyed (to provide an audit trail). destruction). destruction).

Prepared : Approved:

Page 2 of 2

You might also like