Documentation
Document classification ensures the correct handling and monitoring of sensitive information both in and outside of a business, a critical aspect when it comes to protecting the most valuable data.
Every Information security management system will have a Data Classification & Handling policy which must be complied with.
- All documentation must be appropriately labelled, managed, stored and communicated in line with your organisations document classification and handling policy
- Documentation should be reviewed and managed in line with your organisations data retention policy
- Sensitive documents should be kept secure, preferably in a locked drawer or cabinet, but essentially out of sight
- Sensitive documentation no-longer required should be securely shredded and disposed of
- Meeting rooms should be cleared of all documentation, including information on whiteboards and flip charts before leaving the room
- Highly confidential information should be suitably protected when communicated e.g. password protection, encryption etc.
