Information Classification
Information is an asset, but not all information has the same value for the University. Not all information needs to be protected as strongly as others when storing and sending it.
Our Information Classification Policy tells you about the classifications which we can apply to all information in the University:
- Strictly confidential
- Confidential
- Internal
- Public
A new resource for the University
As we’ve introduced new storage options at the University over the past few years, Teams and OneDrive, we thought it best to refresh our understanding of these different classifications and where this data should be stored.
Some organisations have produced posters, flowcharts and implementation guides, so we’ve produced this infographic to get us started. It illustrates a few examples of each classification, the storage options, and the features of each.
To use this resource in your office we’ll be circulating printed posters in the next week or you can download the PDF.
Suggestions for guidance
This was a response to queries about whether staff could store sensitive information in the cloud. Do you have any other similar queries that you’d like us to address? If so, please comment.
That infographic clarifies quite a few things. However, what I cannot spot on there any the moment are any categories covering what can be stored on various types University owned devices. For instance, quite a few staff will occasionally spend periods working on laptops without an internet connection and so not have access to any of the options currently illustrated.
Hi Clint, thanks for commenting. We're currently working on more general 'where to store your files' guidance, which will include all the file storage locations on your managed laptop. This will be published in the next few weeks so hopefully it answers a few more queries and we look forward to your feedback.
Fair enough. I guess this already highlights the classifications and some storage options that some people may not yet have been very aware of even though a few of them have now been around for quite a while. (I find it's still not unusual to discover that a colleague doesn't really know much about their home drive, let alone the other types of shares on the CFS) I also see Eva has already posted a link below to the existing storage options matrix PDF which offers another way of looking at these things. I do think it might be handy if the upcoming additional guidance covered not just what can be on managed laptops, but also desktops and memory sticks (both encrypted and unencrypted) and so on.
Will there be further guidance on file naming, eg to incorporate these classifications? Or guidance on otherwise including the classifications in a standard format?
Hi Anne, as far as I'm aware - I don't think there's any published guidance on file naming conventions. If there's appetite, we'd be keen to work on a blog post about this, using best practice approaches that already exist at the University. Hopefully can get something out over the next month!
Hi Anne, that's and excellent point, which we do not currently cover in our existing guidance (https://www.st-andrews.ac.uk/library/services/researchsupport/researchdata/workingwithdata/organisingdata/), but will be happy to take on board. A first important step to keep track of files which have a certain classification that might warrant specific action, is to maintain a file list of any files together with their classification.
Hi, Does this mean that staff should not have their work e-mail on their personal devices, including mobile phones?
Hi Alain, Not at all, if having your work email on your phone helps you to work more flexibly - then we're all for it. Just a few points really: 1. Work mobiles are preferred for this, but we understand this isn't always possible 2. As long as you've got a strong PIN and encryption, you should be fine 3. If you're sent a email attachment that contain confidential or strictly confidential information, although it can be viewed on your mobile, it shouldn't be downloaded or synced. Hope that helps
An excellent new resource which complements existing guidance on the different days storage options at the University. https://www.st-andrews.ac.uk/itsupport/academic/storage/
Hey Eva, this is great - thanks for sharing