Information Classification and Handling

Information and data are a fundamental University asset, required for the effective operation of the University and the services it offers, including teaching, learning and research, administrative, management and commercial activities.

The correct classification of information is important to help ensure the preventation of data breaches anbd to minimise the impact of such breaches if they do occur. As well as being good practive, the classification of information and data helps to ensure that the University remains complaint with Data Protection and Freedom of Information regulations.

The University has chosen to classify its information and data into three classification: Highly Sensitive, Personal/Confidential and Non-Sensitive/Open

To help staff identify the appropriate classification for their information/data and how to store and or share it the following documents have been developed:

Information Classification Flowchart

Information Classification and Handling Policy

To ensure that University can be both accessed, used and shared effectively, and also protected from inappropriate access, use or sharing, the following information management principles will apply:

• Information is an Asset: Information is an asset that has value to the University and must be managed accordingly
• Information is Shared: Users have access to the information necessary to carry out their duties; therefore information is shared where permissible and appropriate
• Information is Secure: Information is protected from unauthorised use and disclosure.  In addition to traditional aspects of information security, such as the Data Protection Act, this includes protection of sensitive and commercial information.
• Information is Responsibly Managed: All members of the University community have responsibility for ensuring the secure and appropriate use of information assets