Classifying information
Classifying university information assets is a vital element of information security. It helps us all to understand how sensitive the data is, who should access, it and what level of protection we need to provide it. BUL currently has three levels of classification.
Classification of assets
The main tasks of Information Asset Owners are classifying assets, establishing information handling rules and maintaining asset inventories.Information Asset Owners should, in accordance with the information classifcation policy, categorise and classify information assets as:
- University Confidential
- Protect or
- Unclassified
The university policy requires that that:
- information Asset Owners shall be identified for all University information assets
- information assets shall be handled according to how critical and sensitive they are
- rules for the acceptable use of information assets shall be documented and implemented
In order to fulfil their information security responsibilities, Information Asset Owners must:
- classify the information assets they are responsible for
- develop appropriate handling rules for these information assets
- ensure that all users are aware of and have confirmed their understanding of the handling rules
- maintain an up-to-date inventory of all asset usage
- monitor compliance against the information handling rules
- review classification and handling rules annually
The information classifcation policy can be seen here
And our information classification tool can be seen here