Information Asset Classification

Statement of Policy

Information Security: Data Classification and Protection defines the method by which the data assets are categorized, based on the risk to the Volum8 System. Examples of the types of data elements for the PUBLIC, INTERNAL USE ONLY, CONFIDENTIAL, and HIGHLY RESTRICTED categories are provided in the Information Security Policy.

Classification of Information

Volum8s’ information, data, and communication must be classified strictly according to its level of confidentiality, sensitivity, value and criticality. Information may be classified as HIGHLY RESTRICTED, CONFIDENTIAL, INTERNAL USE ONLY, and PUBLIC.

HIGHLY RESTRICTED: This classification label applies to the most private or otherwise sensitive information of the Company. Information under this classification shall be strictly monitored and controlled at all times. (e.g. merger and acquisition documents, corporate level strategic plans, litigation strategy memos, reports on breakthrough new product research, and Trade Secrets such as certain computer programs.)

CONFIDENTIAL: This classification label applies to Company information, which is private or otherwise sensitive in nature and shall be restricted to those with a legitimate business need for access. (e.g. employee performance evaluations, customer transaction data, strategic alliance agreements, unpublished internally generated market research, computer passwords, identity token personal identification numbers (PINs), and internal audit reports).

INTERNAL USE ONLY: This classification label applies to information intended for use within the Company, and in some cases within affiliated organizations, such as business partners of the Company. Assets of this type are widely-distributed within the Company and may be distributed within Company without permission from the information asset owner. (e.g. telephone directory, dial-up computer access numbers, new employee training materials, and internal policy manuals.)

PUBLIC: This classification applies to information that has been explicitly approved by the Company’s management for release to the public. Assets of this type may be circulated without potential harm. (e.g. product and service brochures, advertisements, job opening announcements, and press releases.)

Handling of Assets

The action of handling classified assets is dictated by the Volum8 Information Security Policy, and Volum8 Risk Assessment Program.

Scheduled Review

This document will be reviewed on an annual basis, or as deemed necessary.

Last updated