Information Security Classification Scheme

Updated on 21 May 2020

Guidance to help University staff consider the sensitivity of information and the most appropriate means of storage and transmission

On this page


The download at the bottom of this page provides a framework for staff and students to consider risks in respect of different types of data held, used and transmitted within the University. It also provides guidance on the storage and transmittal of information based upon the level of risk.


The document provides examples of information and data which alongside the classifications. Those examples are not comprehensive, but should be sufficient to inform any consideration of sensitivity when working with information not mentioned explicitly. Some specialist areas of the University may have additional security classifications in place, based upon local needs and activities. They may be read in conjunction with this scheme.

Responsible officers

The University Secretary the responsible officer. This scheme is maintained by the Director LLC&CI and the Head of Information Governance. All staff are responsible for ensuring that University information is held and transmitted appropriately.


  • The University asserts its rights under the Copyright, Designs and Patients Act 1988 and in respect of its intellectual property. Nothing in this classification may be taken to mean otherwise.
  • The classification of information can and will change over time as information is published, released, becomes obsolete or is transferred to the University’s Information Governance or Archive Services. Periodic review of security restrictions will be necessary and the University reserves the right to vary classifications as required.
  • For advice on the retention and appropriate disposition of information, please contact Information Governance.
  • Actions leading to the inappropriate or unauthorised disclosure of information designated ‘critical’, ‘confidential’ or ‘private’ may be a disciplinary matter.

Change Control


CIO and Records Manager & Information Compliance Officer

July 2014


CTO, Information Management Committee

Summer 2014



September 2014


Senior Management Team

November 2014

Web version

CIO and Records Manager & Information Compliance Officer

December 2014

Review and addition of ‘Highly Confidential’ category and disposal instructions.

Director LLC&CI, Head of Information Governance

March/April 2018

Consultation with Data, Records and Information Committee.


May 2018



Data Protection
Corporate information category Data protection