Information Security Classification Scheme
Updated on 21 May 2020
Guidance to help University staff consider the sensitivity of information and the most appropriate means of storage and transmission
The download at the bottom of this page provides a framework for staff and students to consider risks in respect of different types of data held, used and transmitted within the University. It also provides guidance on the storage and transmittal of information based upon the level of risk.
The document provides examples of information and data which alongside the classifications. Those examples are not comprehensive, but should be sufficient to inform any consideration of sensitivity when working with information not mentioned explicitly. Some specialist areas of the University may have additional security classifications in place, based upon local needs and activities. They may be read in conjunction with this scheme.
The University Secretary the responsible officer. This scheme is maintained by the Director LLC&CI and the Head of Information Governance. All staff are responsible for ensuring that University information is held and transmitted appropriately.
- The University asserts its rights under the Copyright, Designs and Patients Act 1988 and in respect of its intellectual property. Nothing in this classification may be taken to mean otherwise.
- The classification of information can and will change over time as information is published, released, becomes obsolete or is transferred to the University’s Information Governance or Archive Services. Periodic review of security restrictions will be necessary and the University reserves the right to vary classifications as required.
- For advice on the retention and appropriate disposition of information, please contact Information Governance.
- Actions leading to the inappropriate or unauthorised disclosure of information designated ‘critical’, ‘confidential’ or ‘private’ may be a disciplinary matter.
|Draft||CIO and Records Manager & Information Compliance Officer||July 2014|
|Consultation||CTO, Information Management Committee||Summer 2014|
|Approval||Senior Management Team||November 2014|
|Web version||CIO and Records Manager & Information Compliance Officer||December 2014|
|Review and addition of ‘Highly Confidential’ category and disposal instructions.||Director LLC&CI, Head of Information Governance||March/April 2018|
|Consultation with Data, Records and Information Committee.||May 2018|