ISO27001 states that “Information shall be classified according to the information security needs of the organisation based on confidentiality, integrity, availability and relevant interested party requirements.” (A5.12 Classification of information)
Why is this required?
Not all data is the same, so it should not all be treated the same way. For example, HR data might be considered sensitive because you are processing payroll, proof of ID (like passports), and sickness and health information.
HR data should therefore be managed more carefully than, say, your marketing materials, which would contain relatively generic information that can be shared with the public.
Our Induction Information Classification Matrix is a simple and visual way to describe how you will classify information, and how it will be handled.
About our procedures
Our procedures are written with the end-user in mind. They need to represent 'truth' and what actually happens in your organisation.
Remember to always keep the audience in mind: who will read these documents? They are a little more detailed than policies, as they can include steps that must be followed to achieve the desired outcome.
Information Classification Matrix
Hey, we're not going to go all 'legal' on you here... that's not our style. But this is our Intellectual Property, and we'd prefer it if you didn't go sharing this with other people who haven't spent the money and bought a copy.
Of course, we can't really stop you... But are you that kind of person? We don't think you are. So if you want to tell people about your newfound superpower of ISO27001-Awesomeness, great... just don't give it away for free!