Information Classification:
Category title | Classified C1
Highly Confidential |
Classified C2
Confidential |
NC
Non-Classified |
Headline | Has the potential to cause serious damage or distress to individuals or serious damage to the University’s interests (including its relationships with other partners) if disclosed inappropriately. | Has the potential to cause a negative impact on individuals’ or the University’s interests (but not falling into C1). | Information not falling into either of the Classified categories. |
Description | Refer to Impact levels of ‘high’ or ‘major’ on the Risk Measurement Criteria.
|
Refer to Impact levels ‘Minor’ or ‘Moderate’ on the Risk Measurement Criteria.
|
e.g. Current courses, Key Information Sets, Annual Report and Financial Statements, Freedom of Information disclosures. |
Key security requirement | Confidentiality and integrity. | Confidentiality and integrity. | Availability. |
Type of protection required | This information requires significant security measures, strictly controlled and limited access and protection from corruption.
Back up requirements will need to be considered in relation to the importance of the information: is it the master copy of a vital record, how difficult would it be to recreate and how much resource would it require to recreate it? |
This information requires security measures, controlled and limited access and protection from corruption.
Back up requirements will need to be considered in relation to the importance of the information: is it the master copy of a vital record, how difficult would it be to recreate and how much resource would it require to recreate it? |
This information should be accessible to the University whilst it is required for business purposes.
Back up requirements will need to be considered in relation to the importance of the information: is it the master copy of a vital record, how difficult would it be to recreate and how much resource would it require to recreate it? |
Handling Procedures For:
General advice:
- Always aim to keep Classified Information (C1 and C2) within the University’s secure environment.
- Where this is not possible consider whether the information can be redacted or anonymised to remove confidential or highly confidential information, thereby converting it to Non-Classified Information (NC).
- Report any potential loss or unauthorised disclosure of Classified Information to the IT Service Desk on 11111
- Seek advice on secure disposal of equipment containing Classified Information via the IT Service Desk on 11111
- Use the Confidential Waste Service for disposal of paper and small electronic media Handling@cardiff.ac.uk
Follow us on Twitter @CU_InfoSec [social_media size=”medium” services=”twitter”]