Information classification policy

Summary

The information treatment policy defines the information classification levels and sets out rules for how information must be treated.

The policy is applicable to all internal and external personnel.

Principles

Our organization distinguishes the following levels of information classification:

  • Public

    • Description: Information of this kind can be freely distributed to anyone.
    • Examples:
      • Information on our public web site
      • Brochures and leaflets
    • Treatment: No special measures need to be taken to protect this information.
  • Internal

    • Description: Information of this kind is meant to be kept internal to Hook0, but no harm would be done if it fell into the wrong hands. This information can be shared with all Stakeholders when deemed necessary.
    • Examples:
      • Policies and Procedures
      • Assets
      • Statement of Applicability
    • Treatment: No special measures need to be taken to protect this information.
  • Confidential

    • Description: The loss of confidential information can pose a threat to the Hook0 organization.
    • Examples:
      • Personally Identifiable Information
      • Financial information
      • Audit reports
      • Risk assessment
      • Assurance statement
    • Treatment:
      • Information can only be shared or distributed with permission from the owner, and when an NDA is in place.
      • Transmission or storage should be encrypted.
  • Sensitive

    • Description: The loss of sensitive information can pose a threat to the persons involved. Theft or loss should be reported to the authorities.
    • Examples: Special categories of personal information, such as:
      • Racial or ethnic origin
      • Political opinions
      • Religious or philosophical beliefs
      • Trade union membership
      • Personal health data
      • Biometric data
      • Sex life or sexual orientation