APPENDIX B - Data Classification and Handling Guidelines
PDF Summary
The document outlines data classification and handling guidelines for protecting information based on a four-level classification scheme: Restricted, Confidential, Private, and Public. Restricted data is the most sensitive and includes Personally Identifiable Information (PII) and Non-Public Information (NPI). Confidential information is internally classified and includes valuable data like financial information. Private information originates from or is entrusted to Oakleaf. Public information can be freely shared internally and externally.

The guidelines include specific handling requirements for each classification level, such as encryption requirements, access controls, restrictions on storage and transmission, and labeling for electronic and hardcopy media. Personally Identifiable Information (PII) and Non-Public Information (NPI) include specific data elements like SSN, passport numbers, and financial account numbers.

The document emphasizes the importance of securing information based on its sensitivity level, including restrictions on data sharing with third parties and proper disposal methods. It also includes specific examples of sensitive data elements for each classification level. The guidelines are approved by the Chief Information Security Officer (CISO) and the CEO, who may also allow exceptions to the handling rules. The document provides references to relevant standards like ISO 27002 and NIST SP 800-53, as well as related policies on information classification.
Keywords
Data classification
Handling guidelines
Four-level classification scheme
Restricted data
Confidential information
Private information
Public information
Personally Identifiable Information (PII)
Non-Public Information (NPI)
Chief Information Security Officer (CISO)