~5-page generic information security policy template on the classification of information.
Classification of information (i.e. assigning it to classes or levels according to the nature and severity of the associated information risks) is a convenient and cost-effective way of identifying appropriate controls. This policy template lays out typical classification criteria and the corresponding controls, including the process of implementing stronger, perhaps bespoke controls to protect highly classified information.
If your organisation has compliance obligations under laws, regulations or contracts relating to third party classification schemes (e.g. defence/national security), you may prefer to adopt those classifications internally or find a pragmatic way to use multiple classes with different interpretations and implications. Just remember that classification is meant to simplify, not complicate and confuse things!
Supplied as an MS Word document, readily customised for your organisation's specific situation.
top of page
bottom of page