ITProSec Data Classification and Control Process
The objective of the ITPROSEC Data Classification and Control Process is to protect the information assets of the ITPROSEC by ensuring the confidentiality, integrity and availability of the assets. Information has many forms including conversations, speeches, printed documents, handwritten notes, information stored on computer systems in electronic form, video and audio tapes, etc. Information assets range from routine communications in an electronic mail message to the ITPROSEC’s most important information assets stored and located in our system. Information can be exchanged in an elevator, hallway, over a phone, via e-mail or through a written document. It is important to protect all ITPROSEC information assets in every form and in every place it is transmitted or stored.

Document Control
Version | Author | Date | Description |
Document Review
Version | Name | Date | Description |
Document Approval
Version | Name | Title | Date | Signature |
Document Note
Version | Note |
1. | This addresses a critical step in preventing the loss of sensitive information for the ITPROSEC and supports Information Security Policy’s recommendation towards our Data Classification and Control posture.The Information Security Classification (ISC) is ITPROSEC’s enterprise-wide framework that has been adopted, to be enforced/adhered to with the information data classification and control in place prior to sharing outside of your branch or the ITPROSEC.Applying appropriate ISC safeguards will reduce the risk of an information disclosure and breach. |
Table of Contents
5. Steps for Classifying Information. 6
5.1 Information Classification Practice. 6
6.1 Labeling Protection Measures. 8
6.2 Storage Protection Measures. 9
6.3 Distribution Protection Measures. 10
6.4 Transmission Protection Measures. 11
6.5. Receiving Information Protection Measure. 12
6.6 Disposal / Storage Media Reuse Protection Measures. 13
6.7 Uses Away From ITPROSEC Premises. 13
6.8 Access Protection Measures. 14
8. Data Control and Responsibilities. 15
9. Resources for Assistance. 17
Appendix A –Terms and Definitions. 18
Appendix B –Protection Measures Summary. 20
Appendix C –Information Classification Examples. 22
APPENDIX D- Roles and Responsibilities. 23
APPENDIX E-
Resources for Assistance. 24
Introduction
This document contains the IT Professional Security (ITPROSEC) data classification levels, steps for classifying information, and protection measures required for Classified Information.
The objective of the ITPROSEC Data Classification and Control Process is to protect the information assets of the ITPROSEC by ensuring the confidentiality, integrity and availability of the assets. Information has many forms including conversations, speeches, printed documents, handwritten notes, information stored on computer systems in electronic form, video and audio tapes, etc. Information assets range from routine communications in an electronic mail message to the ITPROSEC’s most important information assets stored and located in our system. Information can be exchanged in an elevator, hallway, over a phone, via e-mail or through a written document. It is important to protect all ITPROSEC information assets in every form and in every place it is transmitted or stored.
This document will be continuously updated along with Information Security Office and capabilities establishment. For further information or questions, please contact Information Security at [email protected].
The Data Classification and Control outlined in this document apply to the following:
- All electronic messaging services (Email, text message, voice message, fax)
- Electronic documents (DOC, XLS, PDF, PPT, TXT, JPG and other formats etc.)
- Database files storage systems and Application (SQL, DB, Lotus Notes, OpenText, Case Manager etc.)
- Removable Media (USB, External Drive, CD, DVD etc.)
- Hard copy (Letter, Memo, Printed document etc.)
- Phone voicemails
There are several key security concepts to consider when making information security classification decisions.
- Confidentiality Protecting information from being accessed, divulged or distributed by people who shouldn’t have access. Keep information private that should be private.
- Integrity – Keeping information from being modified by people (or computers) without authorization Make sure that the information is accurate so that it can be used to make high quality decisions.
- Availability Preventing the information from being deleted or destroyed accidentally or intentionally or otherwise made unavailable Make sure that information is there when and where it is needed.
When determining an information classification, these three principles are the basis for deciding the security and access requirements for ITPROSEC information assets.
The Information
Security Classification (ISC) is an enterprise-wide framework that has been
adopted to provide guidance in protecting ITPROSEC information prior to sharing
outside of your branch or the ITPROSEC. Applying the appropriate ISC safeguards
will reduce the risk of an information breach. The business owners
are responsible to ensure that their information is properly classified and
labeled. Accordingly, each individual is responsible for ensuring that
information is handled according to the requirements for that classification.
The four different security levels are below:
Table 1: Sensitivity Level
Sensitivity Level | Risk | Access | Protective Safeguards | Description |
Unclassified | None | Public | None | Information meant for the public to see (e.g. Public speeches, ITPROSEC Bulletin etc.) |
Low | Low | Internal use only | Consult with business owner | Information generally available to employees and approved non-employees (ITPROSEC-All message, ITPROSEC Coffee meeting content) |
Medium | Medium | Select / Approved Group of Employees Restricted | Consult with business owner Consider using protective safeguards like Follow-You printing or header/footer and sensitivity level | Information that is intended to be assessed by a specific group of employees only (a Branch, a Project Team) |
High | High | Select/ Approved Individuals | Consult with business owner Apply header or footer with sensitivity level Use Follow-You printing Do not use Inter-Office Mail Identify sensitivity level in the body or subject of an email | Information that is extremely confidential and intended for access by named individuals or position only (e.g. Chair, CIO, HR etc.) |
To classify or reclassify information, begin by reviewing the information classification definitions listed in the Classification Levels section. There are also examples of information and their classification levels available for reference in Appendix B (Information Classification Examples). Individual data elements are not expected to be classified. For example, first name and last name are classified as “Personal Information.” However, an email message containing the recipient’s first and last name is not normally assigned this classification. Information in its entirety should be considered for classification and when possible, should be grouped and then assigned a group classification. From the previous example, an email message with the recipient’s first and last name, and an attachment containing an executed contract agreement should be classified as “Low” or “Medium.”
For difficulties or discrepancies in determining the appropriate classification of information, please contact the business owner or Records and Information Management. Refer to the Resources for Assistance section 9 for additional information.
5.1 Information Classification Practice
This section addresses specific classification use cases:
- Labeling Considerations
The classification label is intended to be an immediate visual reminder of the protection requirements of the information received. The classification label for ITPROSEC information should be immediately visible and conspicuously marked. As required by the Information Security Policy, where continuous labeling is not feasible, the business owner should determine alternative provisions. These provisions may consist of, but are not limited to: meta-data, log-on pages, title pages, cover sheets, transmittal sheets, physical labels, etc.
The effectiveness of labeling procedures is not solely determined by the presence of a classification label, but is reinforced by the proper handling and protection actions demonstrated by the recipient of the information.
ITPROSEC information may be labeled so that the recipient is made aware of any additional handling required for that information. Such labels are not official ITPROSEC classification categories and do not have any associated information protection requirement. Examples of these handling labels include, but are not limited to:
Draft | Not Public Yet |
Private | Limited Use |
For Review only | Not to Share |
5.1.2. Change in Classification
The classification of information may change over time or an “event” can trigger the security classification to change. For example, Low sensitivity while the draft is in progress; while may later release or publish to public or website as unclassified. Another example is financial data is classified as Medium (Restricted) or shall not be disclosed until release. After its release, this same information is unclassified or public.
Consider that as internal policy is being reviewed and re-drafted, it is “Medium” sensitivity. Once the policy has been approved and it is posted to the Intranet, the sensitivity changes to “Low” sensitivity.
If the information’s classification will change at a specific time, label it accordingly. For example:
Low until July 31, 2017 OR High until 3Q17 Financial Statement
After July 31, 2017, is released to the Public. Public
Unclassified /Public Classification after Release
5.1.3. Mixed Classification
Some documents, files, or Web sites contain data with more than one classification. For example, a document describing the Information Services Architecture might contain general information about future configurations. This information is classified as low. The same document also may have a small section describing the proposed equipment configuration in detail. This small section may be classified as Medium. In this case, there are two options:
1. Classify the entire document or web site as at the highest level of any of the information.
2. Move the more sensitive information into a separate document, standalone appendix, or another separate location. Classify only the separate document at the higher level e.g. Medium.
5.1.4. Third party companies and Services
The ITPROSEC works with many third-party companies such as managed service providers and external professional services. As a result, ITPROSEC classified information may be transferred or processed or stored off-site. While the responsibility for implementing information protection measures may be delegated to these third parties, business owners cannot outsource their accountability to protect ITPROSEC information. The Information Security Policy requires third parties to comply with the Policy.
The responsibility for information classification, handling and protection should not be compromised by the introduction of third party service providers. In some cases, third parties may outsource their activities to yet another branch making it critical that business owners be fully aware how ITPROSEC information will be used and to ensure that appropriate information protection measures are identified in Third party service agreements or Memorandum Of Understanding (MOU).
Information Data Classification requires implanting practices and protection
measure related to:
- Labeling
- Storage
- Distribution
- Transmission
- Disposal / Storage Media Reuse
- Use Away from the ITPROSEC Premises
- Access
This section identifies the minimal levels of protection required in these areas for ITPROSEC information classified data as Unclassified, Low, Medium and High.
As required by the Information Security Classification (ISC), information owner or department manager are responsible to ensure that their information is properly classified and labeled. The actual labeling procedure may vary depending on the sensitivity in which the information is stored. Table 2 identifies some common labeling methods for various types of information assets.
Table 2: Labeling Protection Measure
Type | Unclassified | Low | Medium | High |
Electronic Messaging services (Email, Text, chat history etc.) | Mark ‘Unclassified’ in the Message Sensitivity setting, or Subject line | Mark ‘Low’ in the Message Sensitivity setting, where available, or Subject line | Mark ‘Medium’ in the Message Sensitivity setting, where available, or Subject line | Mark ‘High’ in the Message Sensitivity setting, where available, or Subject line |
Electronic Documents Files (e.g. doc, xls, ppt, pdf, txt etc.) | Mark ‘Unclassified’ in the header /footer, watermark or document metadata | Mark ‘Low’ in the header / footer, watermark or document meta-data | Mark ‘Medium’ in the header / footer, watermark or document meta-data | Mark ‘High’ in the header / footer, watermark or document meta-data |
Databases File storage systems Applications (db, sql, oracle, mysql etc.) | Mark ‘Unclassified’ in system / application meta-data, online screen displays and reports | Mark ‘Low’ in system / application meta-data, online screen displays and reports | Mark ‘Medium’ in system / application meta-data, online screen displays and reports | Mark ‘High’ in system / application meta-data, online screen displays and reports |
Removable media (USB, CD/DVD, Ext. Drive, Tape) | Mark ‘Unclassified’ on exterior / adhesive label, where feasible | Mark ‘Low’ on exterior / adhesive label, where feasible | Mark ‘Medium’ on exterior / adhesive label, where feasible | Mark ‘High’ on exterior / adhesive label, where feasible |
Hard copy (Letter, Memo, Printed document) | Mark ‘Unclassified’ on every page | Mark ‘Low’ on every page | Mark ‘Medium’ on every page | Mark ‘High’ on every page |
Voicemail Phone | Voicemail messages shall begin with a statement regarding “General message, non-sensitive message” | Voicemail messages shall begin with a statement regarding confidentiality is low. E.g. “The following message contains “Low’ (internal use) information.” | Voicemail messages shall begin with a statement regarding confidentiality level is “Medium” | Voicemail not permitted |
6.2 Storage Protection Measures
Depending on the classification, information assets will need different types of storage protection measures to ensure that the confidentiality, integrity, and availability of the information are protected. Table 3 identifies storage protection measures for common information assets across the classification levels.
Table 3: Storage Protection Measure
Type | Unclassified | Low | Medium | High |
Electronic Messaging services (Email, Text, chat history etc.) | Encryption not required | Encryption recommended | Encryption recommended | Encryption mandatory |
Electronic Documents Files (doc, xls, ppt, pdf, txt etc.) | Encryption not required | Encryption recommended | Encryption recommended | Encryption mandatory |
Databases File storage systems Applications (db, sql, oracle, mysql etc.) | Encryption not required | Encryption Recommended | Encryption recommended | Encryption is mandatory for enterprise database systems within ITPROSEC approved secure data center and other approved environments |
Removable media (USB, CD/DVD, Ext. drive, Tape etc.) | Encryption device Recommended | Encryption device mandatory | Encryption device mandatory | Encryption mandatory |
Mobile device | Encryption is not required but don’t leave mobile device unattended | Encryption recommended Secured in locked container, cabinet or drawer when not in use Do not leave unattended | Encryption recommended Secured in locked container, cabinet or drawer when not in use Do not leave unattended | Encryption mandatory Secured in locked container, cabinet, drawer, or safe when not in use Do not leave unattended |
Hard copy (Letter, Memo, Printed document) | No protection required but proper handling is recommended | Secured in locked container, cabinet or drawer when not in use. No protection required for Internal Employee | Secured in locked container, cabinet or drawer when not in use. Do not leave unattended | Secured in locked container, cabinet, drawer, or safe when not in use. Do not leave unattended |
Voicemail Phone | Voicemail permitted and shall be erased when no longer needed | Voicemail permitted Messages shall be erased when no longer required | Voicemail permitted Messages shall be erased when no longer required | Voicemail not permitted |
6.3 Distribution Protection Measures
When classified information is shared with individuals, other branches or to those outside of the ITPROSEC who are not aware of the value or sensitivity of an information asset, it is essential to establish the sensitivity level so that protection requirements can be quickly understood, communicated and acted upon. As required by the Information Security Classification, Third parties who work with ITPROSEC shall sign a non-disclosure agreement. Also, if Third Parties require access to the ITPROSEC network, they must sign a network access agreement including Code of Conduct. Table 4 identifies the distribution protection measures for common information assets across the classification levels.
Table 4: Distribution Protection Measures
Type | Unclassified | Low | Medium | High |
Electronic Document Files (Email, DOC, XLS, PPT, PDF, TXT JPG etc.) | Mark as “Unclassified” and makes sure the files are good for distribution to outside of group or ITPROSEC. No Encryption required | Mark as “Low” and makes sure the files are Consult with business owner before distribution to outside of ITPROSEC. Encryption device should be used for electronic documents and files on removable media | External distribution requires Non-disclosure Agreement (NDA) Electronic documents and files on removable media sent outside ITPROSEC in protected envelope or container by bonded courier Encryption device must be used for electronic documents and files on removable media | External distribution requires Non-disclosure Agreement (NDA) or Memorandum Of Understanding (MOU) and Business Owner approval Electronic documents, files on removable media sent outside ITPROSEC in protected envelope or tamper evident packaging by bonded courier with delivery tracking and recipient signature required, or hand delivered Encrypted device is mandatory |
Databases File storage systems Applications (SQL, DB, Lotus Notes, Domino etc.) | Mark as “Unclassified” and Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider only. Access Protection required according to classification | Mark as “Low” and Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider only. Access Protection required according to classification | Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider only. Access Protection required according to classification | Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider Access Protection required according to classification |
Hard copy (Letter / Memo, Printed document) | Facsimile transmission permitted Documents cleared from printers, copiers and fax machines. Documents sent outside ITPROSEC in in general envelope using normal post | Facsimile transmission permitted when sender and receiver present Documents cleared from printers, copiers and fax machines immediately Documents sent outside ITPROSEC in protected envelope using normal post | External distribution requires Non-disclosure Agreement (NDA) Facsimile transmission permitted when sender and receiver present Documents cleared from printers, copiers and fax machines immediately Documents sent outside ITPROSEC in protected envelope using normal post | External distribution requires Non-disclosure Agreement (NDA) or Memorandum of understanding (MOU) and Business Owner approval Facsimile transmission not permitted Documents cleared from printers and copiers immediately Documents sent outside ITPROSEC in protected envelope or tamper evident packaging by bonded courier with delivery tracking and recipient signature required |
Voicemail Phone | Conduct discussions via regular phone or mobile phone with discretion. | Recipient can be identified and spoken to Information shall not be discussed in public place where it may be overheard Conduct discussions via mobile phone with discretion. | Recipient can be identified and spoken to Information shall not be discussed in public place where it may be overheard Conduct discussions via mobile phone with discretion. | Voicemail not permitted Information shall not be discussed in public place where it may be overheard Conduct discussions via mobile phone with discretion |
6.4 Transmission Protection Measures
When transmitting ITPROSEC classified information over the Internet or telecommunications networks, special protection measures are required. The Resources for Assistance section 9 provides links to some of the most common information protection tools available on the desktop. Table 5 identifies the transmission protection measures for common information assets across the classification levels.
Table 5: Transmission Protection Measures
Type | Low | Medium | High |
Electronic messaging services (Email, Text, chat history etc.) | Secure connection and Encryption recommended | Secure connection and Encryption mandatory | Secure connection and Encryption mandatory |
Electronic documents Files (DOC, XLS, PPT, PDF, TXT JPG etc.) | Secure connection and Encryption recommended | Secure connection or Encrypted connection mandatory Encryption software to encrypt the files recommended | Secure connection or Encrypted connection mandatory Encryption software to encrypt the files |
Databases File storage systems Applications (SQL, DB, Lotus Notes, Domino etc.) | Secure connection required | Secure connection and Encryption mandatory | Encryption in transit recommended between servers within a ITPROSEC approved secure data center Encryption mandatory for all other transmission |
Mobile device | Encryption recommended | Encryption mandatory Secured in locked container, cabinet or drawer when not in use Do not leave unattended | Encryption mandatory |
Hard copy (Letter, Memo, Printed document) | Secured in locked container, cabinet or drawer when not in use Do not leave unattended | Secured in locked container, cabinet or drawer when not in use Do not leave unattended | Facsimile transmission not permitted |
6.5. Receiving Information Protection Measure
When the ITPROSEC receives information from another organization, apply the ISC and safeguards as appropriate. If the information already has a security /sensitivity level applied, use the equivalent ITPROSEC safeguards.
Type | Unclassified | Low | Medium | High |
Electronic messaging services (Email, Text, chat history etc.) | Received marked as “Unclassified” or “Public”, mark to ITPROSEC level as “Unclassified” | Received marked as “Internal, or ‘Protected”, give same safeguard or ITPROSEC level “Low” | Received marked as “Confidential’, or ‘Top Protected”, give ITPROSEC safeguard level as “Medium”. | Received marked as “Highly Confidential’, or ‘Highly Protected”, give ITPROSEC safeguard level as “High”. |
Electronic documents Files (.doc, xls, PPt, pdf, txt, jpg etc.) | Received marked as “Unclassified” or “Public”, mark to ITPROSEC level as “Unclassified” | Received marked as “Internal, or ‘Protected”, give same safeguard or ITPROSEC level “Low” Ensure the documents are secure electronically | Received marked as “Confidential’, or ‘Top Protected”, give ITPROSEC safeguard level as “Medium”. Ensure the documents are secure or Encryption recommended | Received marked as “Highly Confidential’, or ‘Highly Protected”, give ITPROSEC safeguard level as “Medium”. Ensure the documents are secure or Encryption Mandatory |
Hard copy (Letter / Memo, Printed document) | Received marked as “Unclassified” or “Public”, mark to ITPROSEC level as “Unclassified” | Received marked as “Internal, or ‘Protected”, give same safeguard or ITPROSEC level “Low” Do not leave unattended | Received marked as “Confidential’, or ‘Top Protected”, give ITPROSEC safeguard level as “Medium”. Secured in locked container, cabinet or drawer when not in use Do not leave unattended | Received marked as “Highly Confidential’, or ‘Highly Protected”, give ITPROSEC safeguard level as “High”. Secured in locked container, cabinet or drawer when not in use Do not leave unattended |
6.6 Disposal / Storage Media Reuse Protection Measures
As required by the Information Security Classification and by the ITPROSEC – Record Retention Schedules, paper records, storage devices, and removable media that are no longer needed shall undergo a deletion process such that sensitive information cannot be reconstructed or recovered after use. Depending on the information asset, each may need a different type of disposal protection measure. Please consult IT for assistance with deletion and disposal measures for media and mobile devices. Table 6 identifies disposal protection measures for common information assets across the classification levels.
Table 6: Disposal / Storage Media Reuse Protection Measure
Type | Low | Medium | High |
Removable media and hard drives | Data irretrievably deleted or media destroyed CD/ DVD media destroyed (e.g., shred, cut, break, etc.) | Data irretrievably deleted or media destroyed CD/ DVD media destroyed (e.g., shred, cut, break, etc.) | Data irretrievably deleted or media destroyed CD/ DVD media destroyed (e.g., shred, cut, break, etc.) |
Mobile device | Data irretrievably deleted prior to reuse or destruction | Data irretrievably deleted prior to reuse or destruction | Data irretrievably deleted prior to reuse or destruction |
Hard copy | Cross cut shredding or ITPROSEC approved secure waste disposal service | Cross cut shredding or ITPROSEC approved secure waste disposal service | Cross cut shredding or ITPROSEC approved secure waste disposal service |
Voicemail Phone | Messages erased when no longer required | Messages erased when no longer required | Voicemail not permitted |
6.7 Uses Away From ITPROSEC Premises
It is not permitted to remove classified information from the ITPROSEC premises. If for any reason, the information needs to be taken away such as for a meeting or a conference outside of the ITPROSEC, special care should be taken to ensure that the ITPROSEC classified information is not compromised in vehicles, conference centres, meeting rooms or public places, including any other area outside of the ITPROSEC premises. Table 7 identifies off-premises protection measures across the classification levels.
Table 7: Use Away from ITPROSEC Premises
Type | Low | Medium | High |
Authorization | Approved Individual / group Requires business owner authorization for use away from ITPROSEC Premises | Approved Individual / group Requires business owner authorization for use away from ITPROSEC Premises | Select approved Individual Requires business owner authorization for use away from ITPROSEC premises |
All electronic storage media and mobile devices | Keep information in encrypted removable media, mobile devices, secured using physical locks or on-person when not in use Do not disclose or leave unattended Encryption device is mandatory for information stored on removable media or mobile devices | Keep information in encrypted removable media, mobile devices physically locked away, secured using physical locks or on-person when not in use Do not disclose or leave unattended Encryption mandatory for information stored on removable media or mobile devices | Keep information in encrypted removable media or mobile, devices physically locked away, secured using physical locks or on person when not in use Must not disclose or leave unattended Encryption mandatory for information stored on removable media or mobile devices |
Access control refers to permissions and limitations for disclosing ITPROSEC classified information. Access to information stored in the ITPROSEC Systems is addressed by assigning privileges based on the individual’s “need to know” and their role. Table 8 identifies the measures required to manage and track access and disclosure activities for ITPROSEC information across the classification categories.
Table 8: Access Protection Measures
Type | Low | Medium | High |
User authentication | User access with unique user ID and password A strong authentication required to access internal ITPROSEC applications remotely Password encrypted in transmission and storage | User access with unique user ID and password A strong or two factor authentication required to access internal ITPROSEC applications remotely Password encrypted in transmission and storage | User access with unique user ID and password Second authentication required to confirm access or Two-factor authentication required to access internal ITPROSEC applications remotely Password encrypted in transmission and storage |
User authorization and access control | Business Owner’s approval required Access granted based on need to know At a minimum, security assigned by group. (User receives all access privileges assigned to the group.) | Business Owner, or designated Business Steward, approval required Access granted based on need to know At a minimum, security assigned by group. (User receives all access privileges assigned to the group.) | Business Owner/ Manager approval mandatory Access granted based on need to know Security group or individual based on role in function or organization |
User access reviews | Access reviews conducted every six (6) months | Access reviews conducted every six (6) months | Access reviews conducted every three (3) months |
System security logs | Log security relevant access or actions Logs subject to records retention requirements as appropriate | Log security relevant access or actions Logs subject to records retention requirements as appropriate | Log security relevant access or actions; continual security monitoring for unauthorized activity and intrusions mandatory Logs subject to records retention requirements as appropriate |
Note: Classified systems must comply with ITPROSEC Security Baselines (or equivalent). See the Technical Security Baselines for additional information.
8.1 Information Security:
The Information Security Office (ISC) who oversees the ITPROSEC information Security Program and maintain overall security by:
- Developing and implementing ITPROSEC wide information security program.
- Documenting and disseminating information Security policies, procedures, standards and guidelines.
- Identifying, reviewing risk associated to the operational or the change and providing necessary recommendation.
- Coordinating the development and implementation of ITPROSEC information security training and awareness program
- Coordinate a response to actual or suspected breaches in the confidential, integrity or availability of ITPROSEC Data.
8.2 Data Steward:
A Data Steward who oversees the lifecycle of one more sets of ITPROSEC Data. Responsibility of Data Steward includes the following:
- Serves, Commission-wide, as the central point of contact and knowledge for the data under their stewardship
- Is responsible for implementing DG practices and solutions – including participating in the change of Branch / Office business processes – as mandated by the DG Steering Committee and directed by the DGWG
- Is responsible for providing and maintaining data definitions
- Is responsible for attainment of metrics set for data by the DG Steering Committee
- Is able to prioritize issues related to the data in their stewardship
- Identifies/defines mandatory/critical data elements that need to be measured or treated separately
- Maintains and updates DQ & MDM business rules
- Identifies, manages and escalates as needed critical data management issues and risks
- Together with Data Owners, identifies resources to participate in data-related issue resolution
- Together with Data Owners, reviews and provides input to data model for their data domain
- Target ITPROSEC organizational alignment: Manager
8.3 Data Owner:
A Data Owner has administrative control and has been officially designated as accountable for a specific information asset dataset with the following definition:
- Accountable for the definition, quality, and compliance to standards/regulations of the data in their data domain[1]
- The
goal of the Data Owner to ensure that the data within their domain is fit
for use by ensuring that DG Practices {i.e. Policies, Standards,
Processes, and Procedures in DG, DQ, MM and MDM/RDM} are deployed. This
includes the following key tasks:
- Ensures that data definitions are provided by Data Stewards for the data domain
- Contributes to and approves data duplicate identification (i.e. matching and survivorship rules) for master data in their domain
- Together with Data Stewards, identifies and mobilizes resources to participate in data-related issue resolution
- May contribute to data access policies and controls within their data domain, along with whoever manages this agenda within IT
- Ideally, understands usage, consumption and value of data in their ownership across the broader organization
- Familiar with Data Management and Governance roles, principles and processes
- Contributes to identifying the scope of a domain
- Proposes Data Steward appointments to the DG Steering Committee
- Provides agreed-upon reporting on DG performance metrics for their domain (i.e. DQ, MM, MDM/RDM, compliance) to the DG Steering Committee
- Proposes feedback to and seeks clarification about policies, processes and procedures related to the data in their domain from DGWG and the DG Steering Committee
8.4 Records and Information Management:
Records and Information Management is a unit in the ITPROSEC which provides records management advice, support, and services to staff such as:
- Reference and retrieval
- Information and records management compliance advice and best practices guidance
- Secure shredding of paper documents
- Secure destruction of electronic media.
The following resources provide additional guidance for protecting the ITPROSEC information:
- ITPROSEC Information and Records Management Policy
- ITPROSEC Employee Information Security Handbook v0.9 DRAFT.docx
- ITPROSEC Data Governance Program Framework
- ITPROSEC Technical Security Baselines
- ITPROSEC Records Retention Schedules
- Protecting ITPROSEC Information When Outside the Office
- Freedom of Information and Protection of Privacy Act
Appendix A –Terms and Definitions
This appendix identifies commonly used terms used throughout this standard.
Term | Definition |
Application | A software program that performs a specific function directly for a user. |
Authentication/Two-factor Authentication | The process of verifying the identity or other attributes claimed or assumed by a user. |
Authorized third party provider | A non-Employee or entity in a contractual arrangement for specific services with the ITPROSEC. |
ITPROSEC approved secure data center | A facility operated by or on behalf of ITPROSEC whose sole function, operation, or use involves information technology equipment, systems and services. It utilizes a variety of environmental and operational measures for information storage, processing, transmission, and protection, and must meet a minimum of twelve (12) controls to be considered ITPROSEC approved. |
Electronic messaging services | Services providing interpersonal communications capability to conduct ITPROSEC business. Electronic messaging services include, but are not limited to, electronic mail, text messaging, online chat, electronic fax, and other similar electronic communications services. |
Encryption in transit | The protection of information at its point of origin and intended destination that cannot be read by someone or an application that is not authorized to it. |
Encryption software | The content of the documents, pictures or files are protected by enabling password or compression with encryption. Some of encryption capable software are WinZip, WinRar, Word, Excel etc. |
Enterprise database system | A collection of programs used to enter, organize, and select data in a database, and is licensed for business use. Examples of enterprise database systems include IBM DB2 Enterprise Server, Oracle Database, and Microsoft SQL Server Enterprise. |
File storage system | A physical device used for large scale implementation onto which information is recorded or stored. |
Mobile device | A portable computing and communications device with information storage capability. Mobile device includes, but is not limited to, laptop computer, smartphone, tablet computer, cellular telephone, digital camera, and audio recording device. |
Removable media | Any electronic information storage device used to store data for specific and legitimate purposes. Removable media includes, but is not limited to: magnetic storage devices such as back-up tapes, floppy disks, removable hard drives; cartridges, including digital audio tape (DAT), optical disks in compact disc (CD) and digital video disc (DVD) format; static memory devices such as flash memory cards, USB flash drives, and thumb key drives; |
Secure access connection | A secure network connection that is connect between ITPROSEC network and from the outside public network such as the Internet or other non-ITPROSEC networks (e.g. GoToMyPC). Its purpose is to secure connection from the remote users from getting access to ITPROSEC information assets. |
Third Parties | Third parties entities/companies work with ITPROSEC such as Manage Service provider, Data center provider, outsourcer or external professional services. |
Appendix B –Protection Measures Summary
This appendix summarizes the protection measures required for each information data classification and control. This reference is intended for all Employees and Third Parties who works/handles with ITPROSEC information.
Refer to the ITPROSEC Record and Information Policy for classification, Freedom of Information and Protection of Privacy Act for requirements for the collection, use, disclosure and protection of information classified as “Personal Information.”
http://www.ITPROSEC.com/en/statements_privacy_index.htm
http://intranet.ITPROSEC.com/5793.htm
ELECTRONIC MESSAGING SERVICES | ELECTRONIC DOCUMENTS / FILES | DATABASES/ FILE STORAGE SYSTEMS/ APPLICATION | REMOVABLE MEDIA | MOBILE DEVICE | HARDCOPY | VOICEMAIL / PHONE | DISPOSAL | |
For Internal Use | Mark ‘Low’ or in the Message Sensitivity setting, where available, or Subject line Encryption recommended | Mark ‘Low’ or ‘Internal’ on every page, view, or document meta-data Encryption recommended | Mark ‘Low’ or ‘Internal’ in meta-data, online screen displays and reports Encryption recommended Accessed via ITPROSEC approved Secure Connection Method (GoToMyPC) or authorized Third Party Provider | Mark ‘Low’ or ‘Internal’ on exterior / adhesive label, where feasible Encryption recommended Secured in locked container, cabinet or drawer when not in use Do not leave unattended | Encryption recommended Do not leave unattended | Mark ‘Low’ or ‘Internal’ on every page Secured in locked container, cabinet or drawer when not in use Facsimile transmission permitted when sender and receiver present Sent in protected envelope using normal post Do not leave unattended | Recipient can be identified and spoken to Voicemail identifies classification; messages deleted when no longer required Information not discussed in public place where it may be overheard Discussions via mobile phone conducted with discretion | Data on removable media, mobile devices, and hard drives irretrievably deleted prior to reuse or destruction Cross cut shredding or ITPROSEC approved secure waste disposal service mandatory for hard copy documents |
High | Mark ‘High’ in the Message Sensitivity setting, where available, or Subject line Encryption mandatory | Mark ‘High’ on every page, view, or document meta-data Encryption mandatory | Mark ‘High’ in meta-data, online screen displays and reports Encryption recommended for enterprise database systems within ITPROSEC approved secure data center; otherwise encryption device or mandatory Encryption in transit recommended between servers within ITPROSEC approved secure data center; otherwise encryption mandatory Accessed via ITPROSEC approved Secure Access Method ‘GoToMyPC’ or authorized Third Party Provider only | Mark ‘High’ on exterior / adhesive label, where feasible Encryption mandatory Secured in locked container, cabinet, drawer, or safe when not in use Do not leave unattended | Encryption mandatory Do not leave unattended | Mark ‘High’ on every page Secured in locked container, cabinet, drawer, or safe when not in use Facsimile transmission not permitted Sent in protected envelope or tamper evident packaging by bonded courier; delivery tracking and recipient confirmation required Do not leave unattended | Voicemail not permitted Information not discussed in public place where it may be overheard Discussions conducted via mobile phone with discretion | Data on removable media, mobile devices, and hard drives irretrievably deleted prior to reuse or destruction Cross cut shredding or ITPROSEC approved secure waste disposal service mandatory for hard copy documents |
Appendix C –Information Classification Examples
This appendix lists the official classifications in use at ITPROSEC. For questions regarding classification of information not listed in this appendix, please contact the business owner or business steward for the appropriate business function.
Sensitivity Level | Risk | Access | Protective Safeguards |
Unclassified | None | Public | None |
Low | Low | Internal employee use only | Consult with business owner |
Medium | Medium | Select /Approved Group of Employees | Consult with business owner / Record and Information Consider using protective safeguards like Follow-You printing or header/footer |
High | High | Select/Approved Individuals | Consult with business owner /Record and Information Apply header or footer with sensitivity level Use Follow-You printing Do not use Inter-Office Mail Identify sensitivity level in the subject of an email or body. |
Functional Area | Medium | High |
Legal | Regulatory Report Legal Notice | Enforcement information of the company or director |
Finance | ITPROSEC Financial report | Negotiation or Financial information submitted for Merger & Acquisition (M&A) |
Human Resources | Completed employee performance reviews | Investigation on Employees |
Information Technology | Security Policy, Procedures, Standard Technical Security Baseline System Architecture diagrams | ITPROSEC network design, IP address, documents, system security configuration, parameters ITPROSEC internal IP address, network password |
Executive | Executive Travel Plans | Confidential information submitted for Derivatives, Merger and Acquisition (M&A) |
http://intranet.ITPROSEC.com/5467.htm
For details contact [email protected] or at Ext. 3735 or [email protected] or at Ext. 3779
APPENDIX D- Roles and Responsibilities
All employees working at the ITPROSEC must maintain accurate and reliable records that fairly reflect all of our business transactions in order to meet our legal and financial obligations.
Employees must be aware of and understand the Data Classification and Control Policy, Information and Records Management Policy.
For more information, visit the links below:
http://intranet.ITPROSEC.com/4412.htm
http://ITPROSECer/otcs/livelink.exe/properties/3515891
APPENDIX E- Resources for Assistance
ITPROSEC Information and Records Management Policy
Enterprise Connect\ITPROSECer\Enterprise\Corporate Services\Information Services\00 Records and Information Management
ITPROSEC Employee Information Security Handbook v0.9 DRAFT.docx
Enterprise Connect\ITPROSECer\Enterprise\Corporate Services\Information Services\18 –
Security\Employee Information Security Handbook
ITPROSEC Data Governance Program Framework
http://ITPROSECer/otcs/livelink.exe/properties/3515891
ITPROSEC Technical Security Baselines
Enterprise Connect\ITPROSECer\Enterprise\Corporate Services\Information Services\18 – Security\Information Security Standards
ITPROSEC Records Retention Schedules
http://intranet.ITPROSEC.com/5477.htm
Freedom of Information and Protection of Privacy Act
https://www.ontario.ca/laws/statute/90f31
Protecting ITPROSEC Information When Outside the Office
http://intranet.ITPROSEC.com/4002.htm
Guidelines on Protecting ITPROSEC
Information When Outside the ITPROSEC.
[1] For more on Data Domains, please see Section 4.5.1 Structure of Data Ownership & Accountability below.