Classification Level | Data Type | Control for CONFIDENTIALITY [C] | Control for INTEGRITY [I] | Control for AVAILABILITY [A]
STORAGE
Classification Level: Restricted | Data Type: Print
Control for CONFIDENTIALITY [C]:
- Usage of locked cabinet
- Stringent access control measures to be implemented.
- Keys to be kept with authorized individuals only
Control for INTEGRITY [I]:
- Document Version Control to be followed
- <CLIENT> stamp/Approver signature to be present in the document
Control for AVAILABILITY [A]:
- Scanned copy of the signed / approved document to be stored OR Authorized duplicate copy to be maintained
- For other documents maintain an electronic/digital version

Classification Level: Restricted | Data Type: Electronic / Other
Control for CONFIDENTIALITY [C]:
- Storage in secured/encrypted drives
- Access to authenticated and authorized personnel/systems
- Privilege rights on strictly need to know basis
- Stringent Audit controls to be put in place
- Password protect the document
- Implement Data Leak Prevention Solution
Control for INTEGRITY [I]:
- Document Version Control to be followed
- Comprehensive Application security testing
- Server: Hardened as per SCD
- 4) Implement File Integrity solution – Where feasible
- 5) Store hash value – Where feasible
- Implement Data Leak Prevention Solution
Control for AVAILABILITY [A]:
- Information to be backed up
- Store copy of the backup tapes in a secure offsite location
- Implement offline/real-time replication of data with DR site
- Redundancy for systems to be implemented
- Preventive maintenance to be done for the systems

Confidential : For Internal Circulation Only ISSP - 23
INFORMATION HANDLING
Classification Level: Confidential | Data Type: ALL
- Photocopy to be taken only on need basis
- USB/External HDD Usage: Centralized security controls to be enforced to prevent unauthorized duplication
- Implement Data Leak Prevention Solution

Classification Level: Restricted | Data Type: ALL
- Photocopying/Duplicating only after explicit approval from the Data Owner
- USB/External HDD Usage: Prohibited
- Implement Data Leak Prevention Solution

Labeling

Classification Level: Public | Data Type: ALL
- For hardcopy files & electronic documents, apply the sensitivity label on the first page at the lower left hand corner, preferably in the Footer section.
- Where applicable, apply the label "Approved for Public Release" along with the date when the owner declared the information public at the lower left hand corner of the first page
Classification Level: Internal | Data Type: ALL
- For hardcopy files & electronic documents, apply the sensitivity label at the lower left hand corner of every page (including Front Cover & Rear cover), preferably in the Footer Section. This also applies to Fax messages, Microfiche, Microfilm
- All instances in which data is displayed on a screen or otherwise presented to a computer user must involve an indication of the classification level of the data
- All tape reels, floppy disks, and other computer storage media containing sensitive information must be externally labeled with the appropriate classification level

Classification Level: Confidential & Restricted | Data Type: ALL
- Apply the sensitivity label at the lower left hand corner of every page (including Front Cover & Rear cover), preferably in the Footer section. Ensure that page numbering displays the total pages of the document. This also applies to Fax messages, Microfiche, Microfilm
- All instances in which data is displayed on a screen or otherwise presented to a computer user must involve an indication of the classification level of the data
- All tape reels, floppy disks, and other computer storage media containing sensitive information must be externally labeled with the appropriate classification level
TRANSMISSION
By Spoken Word

Classification Level: Public | Data Type: ALL
- No special precautions

Classification Level: Internal | Data Type: ALL
- Reasonable precaution to prevent inadvertent disclosure

Classification Level: Confidential & Restricted | Data Type: ALL
- Active measures and close control to limit information to as few persons as possible
- Enclosed meeting areas. Public areas prohibited
- Avoid proximity to unauthorized listeners, speaker phones etc

By Post / Fax / Email / Print

Classification Level: Public & Internal | Data Type: ALL
- POST/EMAIL: No special precautions
- PRINTER/FAX: Located in area not accessible to the public
Classification Level: Confidential | Data Type: ALL
- POST: Sealed envelope bearing the classification label. Traceable delivery method preferred e.g. with return receipt mail.
- E-mail: Data to be password protected. Digital signatures or other manual/automated forms of Non-Repudiation measures to be adopted. Mass mailing discouraged.
- Implementation of Data Leak Prevention solution to be considered, where applicable
- FAX: Located in area not accessible to the public. Cover sheet labeled "Confidential" required. Telephone notification prior to transmission and subsequent telephone confirmation of receipt required
- Printer: Located in an area not accessible to the public. Printed data not to be left unattended.

Classification Level: Restricted | Data Type: ALL
- POST: Use of POST strongly discouraged except in emergency situations. Sealed envelope bearing the classification label. Notify recipient in advance. Traceable delivery method required e.g. with return receipt mail.
- E-mail: Use of email strongly discouraged except in emergency situations. Data to be password protected & encrypted. Notify recipient in advance. Digital signatures or other manual/automated forms of Non-Repudiation measures to be adopted. Mass mailing prohibited.
- Implementation of Data Leak Prevention solution to be considered, where applicable
- FAX: Use of FAX strongly discouraged except in emergency situations. Located in area not accessible to the public. Cover sheet labeled "Confidential" required. Telephone notification prior to transmission and subsequent telephone confirmation of receipt required
- Printer: Located in an area accessible only to the authorized personnel. Printed data not to be left unattended.
Release to Third Party

Classification Level: Public | Data Type: ALL
- To be released only after approval

Classification Level: Internal | Data Type: ALL
- Intended for use only within the organization. May be shared outside the organization only if there is a legitimate business need to know and is approved by the Data Owner

Classification Level: Confidential | Data Type: ALL
- Access limited to need to know basis and not to be released externally, unless in accordance with specified policies and procedures on release of information

Classification Level: Restricted | Data Type: ALL
- Access limited to as few persons as possible on a need to know basis. Release only permitted by applicable policies
DISPOSAL / DESTRUCTION
Classification Level: Confidential | Data Type: ALL
- Destruction: Use shredder for paper docs. Ensure deleted data is not easily recoverable
- Location of waste bin: Secure area not accessible to unauthorized persons
- Paper recycling: Prohibited, unless by special recycling program for confidential information
- HDD/Magnetic Media/Diskette: Overwrite or reformat as per existing Hard Disk Data Destruction Instructions

Classification Level: Restricted | Data Type: ALL
- Destruction: Use shredder for paper docs. Ensure deleted data is not easily recoverable
- Location of waste bin: Secure area not accessible to unauthorized persons
- Paper recycling: Prohibited
- HDD/Magnetic Media/Diskette: Overwrite or reformat as per existing Hard Disk Data Destruction Instructions