SecAware materials

SecAware logo 150 animated ezgif.gif

~5-page generic information security policy template on the classification of information.


Classification of information (i.e. assigning it to classes or levels according to the nature and severity of the associated information risks) is a convenient and cost-effective way of determining the types of information security controls that are most likely to be appropriate in order to protect them. 


This policy lays out typical classification criteria and corresponding controls.  If your organisation is subject to, or works with, classifications imposed by laws, regulations or contracts, you may prefer to adopt those internally or find a pragmatic way to use multiple classes with different interpretations and implications.  Just remember that classification is meant to simplify, not complicate and confuse things.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Information classification policy