Information Security Classification Scheme

Updated on 21 May 2020

Guidance to help University staff consider the sensitivity of information and the most appropriate means of storage and transmission

On this page


The download at the bottom of this page provides a framework for staff and students to consider risks in respect of different types of data held, used and transmitted within the University. It also provides guidance on the storage and transmittal of information based upon the level of risk.


The document provides examples of information and data which alongside the classifications. Those examples are not comprehensive, but should be sufficient to inform any consideration of sensitivity when working with information not mentioned explicitly. Some specialist areas of the University may have additional security classifications in place, based upon local needs and activities. They may be read in conjunction with this scheme.

Responsible officers

The University Secretary the responsible officer. This scheme is maintained by the Director LLC&CI and the Head of Information Governance. All staff are responsible for ensuring that University information is held and transmitted appropriately.


  • The University asserts its rights under the Copyright, Designs and Patients Act 1988 and in respect of its intellectual property. Nothing in this classification may be taken to mean otherwise.
  • The classification of information can and will change over time as information is published, released, becomes obsolete or is transferred to the University’s Information Governance or Archive Services. Periodic review of security restrictions will be necessary and the University reserves the right to vary classifications as required.
  • For advice on the retention and appropriate disposition of information, please contact Information Governance.
  • Actions leading to the inappropriate or unauthorised disclosure of information designated ‘critical’, ‘confidential’ or ‘private’ may be a disciplinary matter.

Change Control

Draft CIO and Records Manager & Information Compliance Officer July 2014
Consultation CTO, Information Management Committee Summer 2014
Revision CIO September 2014
Approval Senior Management Team November 2014
Web version CIO and Records Manager & Information Compliance Officer December 2014
Review and addition of ‘Highly Confidential’ category and disposal instructions. Director LLC&CI, Head of Information Governance March/April 2018
Consultation with Data, Records and Information Committee.   May 2018



Data Protection
Corporate information category Data protection