Call IT Support Email IT Support

Information classification

Resources to help you identify and handle sensitive information.

Classifying our information appropriately is the first step in safeguarding our data across the University.

This informaiton provides a quick look at information classificaiton - for full details please read our Informaiton Classification control procedure:

Classifying information

There are three categories or levels of classification:

1. Public information

Information that is intended for public distribution and requires no specific security handling. For example, marketing material or information that has already entered the public domain via a Freedom of Information request.

2. Internal information

Information that would have minimal impact if disclosed, but where it is prudent to maintain a need-to-know approach. This covers the majority of University-generated information.

3. Sensitive information

Information that has a clear elevated sensitivity due to its legal, contractual or business value. For example, information containing sensitive personal data according to the Data Protection Act definitions; information relating to ongoing commercial projects where disclosure could jeopardise the project; information that could identify a security vulnerability.

At a glance: how to handle sensitive information

How you can help:

Identify way sort of information you handle, and check that you are doing everything you can to store, share, mark, destroy and handle that information in the appropriate way for its classification.

The information classification procedure sets out how assets will be classified according to their legal requirements, business value, criticality and sensitivity, and classification will indicate appropriate handling requirements. All information assets will have a defined retention and disposal schedule.

Information Security