Information classification is a process intended assigning a level of sensitivity to information/ data as it is being created, processed, stored or transmitted. The classification of information should determine the extent to which the data needs to be controlled/ secured and is also a measure of its value for the business. Protection for the information has to be designed and applied in line with the classification and the value of the information.
1.1 POLICY OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND POLICIES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3.1 CLASSIFICATION SCHEME AND HANDLING
3.2 TERMS OF MISUSE OF CLASSIFIED INFORMATION
3.3 MODIFICATION OF CLASSIFICATION
3.4 INFORMATION LABELING
4.1 INFORMATION OWNER’S ROLE AND RESPONSIBILITIES
4.2 INFORMATION CUSTODIAN’S ROLE AND RESPONSIBILITIES
4.3 INFORMATION USER’S RESPONSIBILITIES
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST POLICY VIOLATION
6.2 DOCUMENT REVISION
The purpose of this Business Continuity Plan Procedure is to provide an effective, fit-for-purpose, predefined and documented framework and process to enable the Business Continuity Management of the Company’s Mission Critical Activities and their dependencies.
The objective of the Configuration Management Procedure is to ensure the integrity and availability of Company information and to prevent damages from uncontrolled configuration changes to all IT and physical infrastructure services that support Company’s systems.