5-page generic information security policy on the classification of information.
Classification of information (i.e. assigning it to classes or levels according to the nature and severity of the associated information risks) is a convenient and cost-effective way of determining the types of information security controls that are most likely to be appropriate in order to protect them.
This policy lays out the classification criteria and corresponding controls that are typically required.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Information classification policy
Template policy on information classification
See also the security policies on:
- Information governance
- Information ownership
- Information risk management
- Access control
- BCM Business Continuity Management
- Information retention
- Information disposal