What is Information Classification?
Information classification is a way to communicate the sensitivity of information that you create or come in contact with, providing a framework for how all of RRC Polytech’s information assets are classified. The purpose of an information classification system is to recognize that different information requires different levels of controls, helping employees take appropriate actions to protect information and ensure proper safeguards are in place.
Information classification covers all information, whether physical or digital:
- Physical information is usually paper including posters and diagrams. Physical information is also the objects or media used to store digital information, such as USB keys, CD/DVDs, and hard drives.
- Digital information refers to documents, spreadsheets, presentations, video and audio recordings, email and social media. This information may be stored on a network folder, OneDrive, email, systems, or physical media such as USB keys, hard drives, etc.
Your Role in Information Classification
We all play a role in protecting and securing RRC Polytech’s data from risk, including unauthorized access, modification, use, disclosure, removal and destruction. In order to help ensure our data is protected from potential breaches, RRC Polytech has developed a four-level information classification system. Classifying information helps the author communicate the sensitivity of the information to people who may come in contact with it. And it helps those people treat it appropriately, making sure our sensitive information is always secured.
Information Classification Levels
- Information that is not confidential and is created to be shared or made available to the public. E.g., marketing materials or published policies and/or strategies.
- Information with this label can be freely shared without restriction.
- Most staff are unlikely to create this kind of information unless it is specifically part of their job. Usually, this information is created as part of formal processes.
Learn more about protecting public information ›
- Information that is relevant to an internal RRC Polytech audience and not confidential within the College. This information is not intended to be shared externally but poses no harm if made public, e.g., Staff News posts or Staff Forum (Intranet) content.
- The majority of the documents staff create are likely to be internal.
- In general, this information can be shared with RRC Polytech employees as required.
Learn more about protecting internal information ›
- Information that is confidential, sensitive externally, and access is limited to specific roles or groups of individuals at RRC Polytech, e.g., vendor contracts or student and/or employee records, business plans, etc.
Learn more about protecting protected information ›
- Highly confidential information both externally and internally within the College. This information is restricted to specific named individuals or very specific roles, e.g., legal files, personal health information and planning document drafts.
Learn more about protecting restricted information ›
What Should You Do When You Suspect a Breach Has Taken Place?
A breach is defined as information that is disclosed, or potentially disclosed, inappropriately or to inappropriate or unintended audiences.
If you know or suspect a breach has taken place, please contact Information Protection and Compliance or Legal Counsel.