Professional Documents
Culture Documents
Sparq Information Classification: Mod: Sparq Created Date: 1/11/2019 SC: Internal
Sparq Information Classification: Mod: Sparq Created Date: 1/11/2019 SC: Internal
Sparq Information Classification: Mod: Sparq Created Date: 1/11/2019 SC: Internal
I. Background
In order to meet the requirement from the control objective A8.2 of ISO2700 Information Security
Management System framework ‘Information Classification’, and instructs that organisations
“ensure that information receives an appropriate level of protection”. All SparQ information
assets which under the responsibility of sub departments need to be classified. This would help
SparQ having an extra protection and appropriate methods to secure valued information assets.
Information Classification also help employees aware about their responsibility when they
access/handle/share information to internal/external customers.
Create
Dispose Organize/Store
Maintain Use/Access/Transfer
MoD: responsible
for ensuring that
strictly confidential
information is
distributed on a
Internal: use a sealed envelop
Apply combined IT strict need-to-know
inside an internal mail envelope.
services to secure basis.
Hand deliver is required
the information
External: use a plain sealed
(e.g. ACL, Users: responsible Paper documents: shred
Avoid number of envelope with extra physical
Firewall). for ensuring that using an approved cross-cut
copies as much as security (e.g. metal box with
confidential shredder.
Top secret information of SparQ.Only available for top level of Put “STRICTLY possible. Copies need combined locked). Hand deliver
Two factor information is kept
managemennt (e.g. CEO, board of management, key stake holders). Stregic business plan, Company's intellectual CONFIDETIAL" to be approved by top or send by registered mail,
STRICTLY CONFIDENTIAL authentication is for them and Archive for 10 year Electronic data: erase or
properties. on the header of management level. courier etc .
required to access authorized degauss magnetic media.
Very high security level for this type of information. document template Copies version need Electronic: use internal email
this type of person/avoid sharing Send CDs, DVDs, dead hard
to have the same system only. Also, email
information. password to non drives, laptops etc. to IT for
security level on it. encryption is required when
authorized appropriate disposal.
sending confidential information
Data also must be parties/person.
to outside of SparQ. Receiver
encrypted when Apply approriated
also need to have apply two
store security measures
factor authentication
(e.g. data
encryption) to
increase the
information security
level.
MoD: SparQ Created Date: 1/11/2019 SC: INTERNAL
FROM
Business Processes
(1)
IDENTIFY
REVIEW
Information Assets
(5)
(2)
DETERMINE CLASSIFY
Extra Protection (Y/N) Information Assets
(4) (3)