Training Session 1
APPENDIX B - Data Classification and Handling Guidelines
PDF Summary

The document outlines Oakleaf's Data Classification and Handling Guidelines as part of their Information Security Program. The guidelines categorize data into four classifications: Restricted, Confidential, Private, and Public, each with specific definitions and potential impacts of unauthorized access.

**Data Classifications:**
1. **Restricted:** The most sensitive data, often subject to legal or contractual restrictions. Unauthorized access may result in significant damage, including legal repercussions and reputational harm.
2. **Confidential:** Highly valuable business information, such as employee personal data and financial records, where unauthorized access could lead to moderate damage and breach of business interests.
3. **Private:** Internal or entrusted information belonging to Oakleaf, not for public release. Unauthorized access causes minimal damage.
4. **Public:** Information freely sharable with no potential damage upon unauthorized access.

**Handling and Security Practices:**
- **Restricted Data:** Requires encryption in storage and transmission, and handling is highly regulated, involving senior management approval for printing and stringent physical mail protocols.
- **Confidential Data:** Requires encryption for external transmissions and is stored securely with approval needed for third-party access.
- **Private Data:** Encryption is recommended, with standard physical mail and disposal practices.
- **Public Data:** No special handling requirements beyond basic security practices.

**Personally Identifiable Information (PII) and Non-Public Information (NPI):** These terms are considered equivalent and include sensitive information such as social security numbers, financial details, and health information.

**Approvals and Access:**
Access to classified information is controlled by data owners with stringent protocols for changing data formats or media to ensure equivalent security levels are maintained.

Lastly, a clear revision history and approval process are outlined, with references to industry standards like ISO 27002 and NIST SP 800-53, highlighting Oakleaf's commitment to information security management practices.
Keywords
Data Classification
Information Security
Restricted Data
Confidential Data
Private Data
Public Data
Encryption
PII
NPI
ISO 27002