Payroll, procedures, administrative documentation or user database are examples of the type of information that can be handled at the University of Valencia. Not all have the same importance, as a consequence, in case of theft or loss it will have different repercussions depending on the data they contain. To know what kind of protection we should give each asset, the information must be classified.
In which categories can the information be classified?
a) Not classified. It can be shared without restrictions. It is public in nature.
b) Restricted. Always for internal use. It can be shared among the personnel affected by the regulation in question with competence in its treatment. In addition, restricted information can be classified as limited dissemination. In this case, it can also be shared with interested third parties such as administrators or providers linked to some type of contract.
c) Confidential. This information must only be shared among personnel who, by virtue of their functions, must be aware of it.
How to label the information?
Always include a confidentiality clause in the footer of the email. The level of classification of the information and the corresponding access restrictions must be specified.
However, the use of a confidentiality clause does not guarantee the absolute protection of classified information, so it is advisable to take additional measures to ensure the protection of information. We may use encryption, user authentication or access monitoring, especially with information classified as “CONFIDENTIAL”.
In addition, personnel sending classified information emails must be properly trained and authorized to handle this type of data. The labels will be printed in a clearly visible location on the page, so that it is easily identifiable for the personnel that handles the documentation.
Office documents
In the case of office documents, Office 365 (both for the desktop application and for the cloud application), has a tab with which it is easy to classify the information. Selecting "Confidential information" or "Restricted information" will automatically include the corresponding label in the footer.
Internal applications
In internal Academic Management applications in which documentation is printed in paper format that may contain classified information, it must be ensured that it is properly labeled with the corresponding classification level applied in each application.
Each internal application that needs to print classified information will be configured so that, when printing, the label corresponding to the information classification level is automatically included.
Specifically, the following footer will be added: “The information contained in this document is considered restricted/confidential and for the exclusive use of the person, department, service or area that receives it. If you are not the recipient, please note that any use of the information contained in the document is totally prohibited. If you have received this communication in error, please notify us as soon as possible by writing to the mail (include mail) or by telephone (include telephone).
