Classification of information Policy

Document ID ACPL-ISMS-C5.12
Document Classification Internal
Issue Date (effective from) 01.12.2023
Version No 1.0
Latest Review Date 01.12.2023

Nitin Gupta Kunal Parikh Vijay Gupta

CISO Director Director

Prepared By Reviewed By Approved By

 Classification of information Policy

1. Control statement:

Information should be classified according to the information security needs of the organization based
on confidentiality, integrity, availability and relevant interested party requirements

2. Purpose:

To ensure identification and understanding of protection needs of information in accordance with its
importance to the organization.

3. Scope:

This policy is applicable to information and other associated assets and communication to all the
interested parties.

4. Procedure:

(1) While deciding the classification of the information, confidentiality, integrity and availability
have been taken into consideration.

(2) Results of classification should be updated in accordance with changes of the value, sensitivity
and criticality of information through their life cycle.

(3) The scheme should be consistent across the whole organization and included in its procedures
so that everyone classifies information and applicable other associated assets in the same way.

(4) when the information has been made public, it no longer has confidentiality requirements but
can still require protection for its integrity and availability properties.

(5) An information confidentiality classification scheme is based on four levels as follows:

 Disclosure causes no harm;

 Disclosure causes minor reputational damage or minor operational impact;
 Disclosure has a significant short-term impact on operations or business objectives;
 Disclosure has a serious impact on long term business objectives or puts the survival of
the organization at risk

5. Information Classification

5.1 SENSITIVE AND RESTRICTED

Doc ID: ACPL-ISMS-C5.12 Version 1.0 Last Rev. Date: 01.12.2023 Page 2 of 3

This document is confidential and must not be shared or copied without written permission from
Aethereus Consulting. Please return or destroy upon request.
 Classification of information Policy

Restricted data includes data that, if compromised or accessed without authorization, could lead to
criminal charges and massive legal fines or cause irreparable damage to the company.
Examples of restricted data might include proprietary information or research and data protected by
Government regulations.

5.2 CONFIDENTIAL

Access to confidential data requires specific authorization and/or clearance.

Types of confidential data might include Employee Records, Personal identification numbers, cardholder
data, Accounting & Payroll Data, Subscriptions and more.

5.3 PRIVATE AND PROPRIETARY

This type of data is strictly accessible to internal company personnel or internal employees who are
granted access.
Departmental memos, information on internal bulletin boards, training materials, policies, operating
procedures, work instructions, guidelines, phone and email directories, marketing or promotional
information (prior to authorized release), investment options. Transaction data, productivity reports,
disciplinary reports, contracts/proposals, Service Level Agreements, internal vacancy notices, intranet Web
pages, blue prints/ proof of concept.

5.4 PUBLIC OR OPEN

This type of data is freely accessible to the public (i.e. all employees/company personnel). It can be freely
used, reused, and redistributed without repercussions.
For example, Marketing materials authorized for public release such as advertisements, brochures,
published annual accounts, Internet Web pages, catalogues, social media accounts and external vacancy
notices.

6. References
1. Information Asset register

7. Revision History

Revision Date Description Author

1.0 01.12.2023 Initial release CISO

Doc ID: ACPL-ISMS-C5.12 Version 1.0 Last Rev. Date: 01.12.2023 Page 3 of 3

This document is confidential and must not be shared or copied without written permission from
Aethereus Consulting. Please return or destroy upon request.