Information Security Classification Scheme

Purpose

The download at the bottom of this page provides a framework for staff and students to consider risks in respect of different types of data held, used and transmitted within the University. It also provides guidance on the storage and transmittal of information based upon the level of risk.

Coverage

The document provides examples of information and data which alongside the classifications. Those examples are not comprehensive, but should be sufficient to inform any consideration of sensitivity when working with information not mentioned explicitly. Some specialist areas of the University may have additional security classifications in place, based upon local needs and activities. They may be read in conjunction with this scheme.

Responsible officers

The University Secretary is the responsible officer. This scheme is maintained by the Director LLC&CI and the Head of Information Governance. All staff are responsible for ensuring that University information is held and transmitted appropriately.

Notes

• The University asserts its rights under the Copyright, Designs and Patients Act 1988 and in respect of its intellectual property. Nothing in this classification may be taken to mean otherwise.
• The classification of information can and will change over time as information is published, released, becomes obsolete or is transferred to the University’s Information Governance or Archive Services. Periodic review of security restrictions will be necessary and the University reserves the right to vary classifications as required.
• For advice on the retention and appropriate disposition of information, please contact Information Governance.
• Actions leading to the inappropriate or unauthorised disclosure of information designated ‘critical’, ‘confidential’ or ‘private’ may be a disciplinary matter.