5-page generic information security policy on the classification of information.
 
Classification of information (i.e. assigning it to classes or levels according to the nature and severity of the associated information risks) is a convenient and cost-effective way of determining the types of information security controls that are most likely to be appropriate in order to protect them. 
 
This policy lays out the classification criteria and corresponding controls that are typically required.
 
Delivered as an editable MS Word document, easily customized for your organization's specific needs.