ITProSec Data Classification and Control Process

Sunny Heart 25th January 202018th July 2023 0 Comments Data Security

The objective of the ITPROSEC Data Classification and Control Process is to protect the information assets of the ITPROSEC by ensuring the confidentiality, integrity and availability of the assets. Information has many forms including conversations, speeches, printed documents, handwritten notes, information stored on computer systems in electronic form, video and audio tapes, etc. Information assets range from routine communications in an electronic mail message to the ITPROSEC’s most important information assets stored and located in our system. Information can be exchanged in an elevator, hallway, over a phone, via e-mail or through a written document. It is important to protect all ITPROSEC information assets in every form and in every place it is transmitted or stored.

Table of Contents

Document Control

Version

Author

Date

Description

Document Review

Version

Name

Date

Description

Document Approval

Version	Name	Title	Date	Signature

Document Note

Version

Note

This addresses a critical step in preventing the loss of sensitive information for the ITPROSEC and supports Information Security Policy’s recommendation towards our Data Classification and Control posture.The Information Security Classification (ISC) is ITPROSEC’s enterprise-wide framework that has been adopted, to be enforced/adhered to with the information data classification and control in place prior to sharing outside of your branch or the ITPROSEC.Applying appropriate ISC safeguards will reduce the risk of an information disclosure and breach.

Table of Contents

3. Security Concept 4

4. Classification Levels. 5

5. Steps for Classifying Information. 6

5.1 Information Classification Practice. 6

6. Protection Measures. 7

6.1 Labeling Protection Measures. 8

6.2 Storage Protection Measures. 9

6.3 Distribution Protection Measures. 10

6.4 Transmission Protection Measures. 11

6.5. Receiving Information Protection Measure. 12

6.6 Disposal / Storage Media Reuse Protection Measures. 13

6.7 Uses Away From ITPROSEC Premises. 13

6.8 Access Protection Measures. 14

8. Data Control and Responsibilities. 15

9. Resources for Assistance. 17

Appendix A –Terms and Definitions. 18

Appendix B –Protection Measures Summary. 20

Appendix C –Information Classification Examples. 22

APPENDIX D- Roles and Responsibilities. 23

APPENDIX E- Resources for Assistance. 24

Introduction

This document contains the IT Professional Security (ITPROSEC) data classification levels, steps for classifying information, and protection measures required for Classified Information.

This document will be continuously updated along with Information Security Office and capabilities establishment. For further information or questions, please contact Information Security at [email protected].

The Data Classification and Control outlined in this document apply to the following:

All electronic messaging services (Email, text message, voice message, fax)
Electronic documents (DOC, XLS, PDF, PPT, TXT, JPG and other formats etc.)
Database files storage systems and Application (SQL, DB, Lotus Notes, OpenText, Case Manager etc.)
Removable Media (USB, External Drive, CD, DVD etc.)
Hard copy (Letter, Memo, Printed document etc.)
Phone voicemails

There are several key security concepts to consider when making information security classification decisions.

Confidentiality Protecting information from being accessed, divulged or distributed by people who shouldn’t have access. Keep information private that should be private.
Integrity – Keeping information from being modified by people (or computers) without authorization Make sure that the information is accurate so that it can be used to make high quality decisions.
Availability Preventing the information from being deleted or destroyed accidentally or intentionally or otherwise made unavailable Make sure that information is there when and where it is needed.

When determining an information classification, these three principles are the basis for deciding the security and access requirements for ITPROSEC information assets.

The Information Security Classification (ISC) is an enterprise-wide framework that has been adopted to provide guidance in protecting ITPROSEC information prior to sharing outside of your branch or the ITPROSEC. Applying the appropriate ISC safeguards will reduce the risk of an information breach. The business owners are responsible to ensure that their information is properly classified and labeled. Accordingly, each individual is responsible for ensuring that information is handled according to the requirements for that classification.

The four different security levels are below:

Table 1: Sensitivity Level

Sensitivity Level	Risk	Access	Protective Safeguards	Description
Unclassified	None	Public	None	Information meant for the public to see (e.g. Public speeches, ITPROSEC Bulletin etc.)
Low	Low	Internal use only	Consult with business owner	Information generally available to employees and approved non-employees (ITPROSEC-All message, ITPROSEC Coffee meeting content)
Medium	Medium	Select / Approved Group of Employees Restricted	Consult with business owner Consider using protective safeguards like Follow-You printing or header/footer and sensitivity level	Information that is intended to be assessed by a specific group of employees only (a Branch, a Project Team)
High	High	Select/ Approved Individuals	Consult with business owner Apply header or footer with sensitivity level Use Follow-You printing Do not use Inter-Office Mail Identify sensitivity level in the body or subject of an email	Information that is extremely confidential and intended for access by named individuals or position only (e.g. Chair, CIO, HR etc.)

To classify or reclassify information, begin by reviewing the information classification definitions listed in the Classification Levels section. There are also examples of information and their classification levels available for reference in Appendix B (Information Classification Examples). Individual data elements are not expected to be classified. For example, first name and last name are classified as “Personal Information.” However, an email message containing the recipient’s first and last name is not normally assigned this classification. Information in its entirety should be considered for classification and when possible, should be grouped and then assigned a group classification. From the previous example, an email message with the recipient’s first and last name, and an attachment containing an executed contract agreement should be classified as “Low” or “Medium.”

For difficulties or discrepancies in determining the appropriate classification of information, please contact the business owner or Records and Information Management. Refer to the Resources for Assistance section 9 for additional information.

5.1 Information Classification Practice

This section addresses specific classification use cases:

Labeling Considerations

The classification label is intended to be an immediate visual reminder of the protection requirements of the information received. The classification label for ITPROSEC information should be immediately visible and conspicuously marked. As required by the Information Security Policy, where continuous labeling is not feasible, the business owner should determine alternative provisions. These provisions may consist of, but are not limited to: meta-data, log-on pages, title pages, cover sheets, transmittal sheets, physical labels, etc.

The effectiveness of labeling procedures is not solely determined by the presence of a classification label, but is reinforced by the proper handling and protection actions demonstrated by the recipient of the information.

ITPROSEC information may be labeled so that the recipient is made aware of any additional handling required for that information. Such labels are not official ITPROSEC classification categories and do not have any associated information protection requirement. Examples of these handling labels include, but are not limited to:

Draft	Not Public Yet
Private	Limited Use
For Review only	Not to Share

5.1.2. Change in Classification

The classification of information may change over time or an “event” can trigger the security classification to change. For example, Low sensitivity while the draft is in progress; while may later release or publish to public or website as unclassified. Another example is financial data is classified as Medium (Restricted) or shall not be disclosed until release. After its release, this same information is unclassified or public.

Consider that as internal policy is being reviewed and re-drafted, it is “Medium” sensitivity. Once the policy has been approved and it is posted to the Intranet, the sensitivity changes to “Low” sensitivity.

If the information’s classification will change at a specific time, label it accordingly. For example:

Low until July 31, 2017 OR High until 3Q17 Financial Statement

After July 31, 2017, is released to the Public. Public

Unclassified /Public Classification after Release

5.1.3. Mixed Classification

Some documents, files, or Web sites contain data with more than one classification. For example, a document describing the Information Services Architecture might contain general information about future configurations. This information is classified as low. The same document also may have a small section describing the proposed equipment configuration in detail. This small section may be classified as Medium. In this case, there are two options:

1. Classify the entire document or web site as at the highest level of any of the information.

2. Move the more sensitive information into a separate document, standalone appendix, or another separate location. Classify only the separate document at the higher level e.g. Medium.

5.1.4. Third party companies and Services

The ITPROSEC works with many third-party companies such as managed service providers and external professional services. As a result, ITPROSEC classified information may be transferred or processed or stored off-site. While the responsibility for implementing information protection measures may be delegated to these third parties, business owners cannot outsource their accountability to protect ITPROSEC information. The Information Security Policy requires third parties to comply with the Policy.

The responsibility for information classification, handling and protection should not be compromised by the introduction of third party service providers. In some cases, third parties may outsource their activities to yet another branch making it critical that business owners be fully aware how ITPROSEC information will be used and to ensure that appropriate information protection measures are identified in Third party service agreements or Memorandum Of Understanding (MOU).

Information Data Classification requires implanting practices and protection measure related to:

Labeling
Storage
Distribution
Transmission
Disposal / Storage Media Reuse
Use Away from the ITPROSEC Premises
Access

This section identifies the minimal levels of protection required in these areas for ITPROSEC information classified data as Unclassified, Low, Medium and High.

As required by the Information Security Classification (ISC), information owner or department manager are responsible to ensure that their information is properly classified and labeled. The actual labeling procedure may vary depending on the sensitivity in which the information is stored. Table 2 identifies some common labeling methods for various types of information assets.

Table 2: Labeling Protection Measure

Type	Unclassified	Low	Medium	High
Electronic Messaging services (Email, Text, chat history etc.)	Mark ‘Unclassified’ in the Message Sensitivity setting, or Subject line	Mark ‘Low’ in the Message Sensitivity setting, where available, or Subject line	Mark ‘Medium’ in the Message Sensitivity setting, where available, or Subject line	Mark ‘High’ in the Message Sensitivity setting, where available, or Subject line
Electronic Documents Files (e.g. doc, xls, ppt, pdf, txt etc.)	Mark ‘Unclassified’ in the header /footer, watermark or document metadata	Mark ‘Low’ in the header / footer, watermark or document meta-data	Mark ‘Medium’ in the header / footer, watermark or document meta-data	Mark ‘High’ in the header / footer, watermark or document meta-data
Databases File storage systems Applications (db, sql, oracle, mysql etc.)	Mark ‘Unclassified’ in system / application meta-data, online screen displays and reports	Mark ‘Low’ in system / application meta-data, online screen displays and reports	Mark ‘Medium’ in system / application meta-data, online screen displays and reports	Mark ‘High’ in system / application meta-data, online screen displays and reports
Removable media (USB, CD/DVD, Ext. Drive, Tape)	Mark ‘Unclassified’ on exterior / adhesive label, where feasible	Mark ‘Low’ on exterior / adhesive label, where feasible	Mark ‘Medium’ on exterior / adhesive label, where feasible	Mark ‘High’ on exterior / adhesive label, where feasible
Hard copy (Letter, Memo, Printed document)	Mark ‘Unclassified’ on every page	Mark ‘Low’ on every page	Mark ‘Medium’ on every page	Mark ‘High’ on every page
Voicemail Phone	Voicemail messages shall begin with a statement regarding “General message, non-sensitive message”	Voicemail messages shall begin with a statement regarding confidentiality is low. E.g. “The following message contains “Low’ (internal use) information.”	Voicemail messages shall begin with a statement regarding confidentiality level is “Medium”	Voicemail not permitted

6.2 Storage Protection Measures

Depending on the classification, information assets will need different types of storage protection measures to ensure that the confidentiality, integrity, and availability of the information are protected. Table 3 identifies storage protection measures for common information assets across the classification levels.

Table 3: Storage Protection Measure

Type	Unclassified	Low	Medium	High
Electronic Messaging services (Email, Text, chat history etc.)	Encryption not required	Encryption recommended	Encryption recommended	Encryption mandatory
Electronic Documents Files (doc, xls, ppt, pdf, txt etc.)	Encryption not required	Encryption recommended	Encryption recommended	Encryption mandatory
Databases File storage systems Applications (db, sql, oracle, mysql etc.)	Encryption not required	Encryption Recommended	Encryption recommended	Encryption is mandatory for enterprise database systems within ITPROSEC approved secure data center and other approved environments
Removable media (USB, CD/DVD, Ext. drive, Tape etc.)	Encryption device Recommended	Encryption device mandatory	Encryption device mandatory	Encryption mandatory
Mobile device	Encryption is not required but don’t leave mobile device unattended	Encryption recommended Secured in locked container, cabinet or drawer when not in use Do not leave unattended	Encryption recommended Secured in locked container, cabinet or drawer when not in use Do not leave unattended	Encryption mandatory Secured in locked container, cabinet, drawer, or safe when not in use Do not leave unattended
Hard copy (Letter, Memo, Printed document)	No protection required but proper handling is recommended	Secured in locked container, cabinet or drawer when not in use. No protection required for Internal Employee	Secured in locked container, cabinet or drawer when not in use. Do not leave unattended	Secured in locked container, cabinet, drawer, or safe when not in use. Do not leave unattended
Voicemail Phone	Voicemail permitted and shall be erased when no longer needed	Voicemail permitted Messages shall be erased when no longer required	Voicemail permitted Messages shall be erased when no longer required	Voicemail not permitted

6.3 Distribution Protection Measures

When classified information is shared with individuals, other branches or to those outside of the ITPROSEC who are not aware of the value or sensitivity of an information asset, it is essential to establish the sensitivity level so that protection requirements can be quickly understood, communicated and acted upon. As required by the Information Security Classification, Third parties who work with ITPROSEC shall sign a non-disclosure agreement. Also, if Third Parties require access to the ITPROSEC network, they must sign a network access agreement including Code of Conduct. Table 4 identifies the distribution protection measures for common information assets across the classification levels.

Table 4: Distribution Protection Measures

Type	Unclassified	Low	Medium	High
Electronic Document Files (Email, DOC, XLS, PPT, PDF, TXT JPG etc.)	Mark as “Unclassified” and makes sure the files are good for distribution to outside of group or ITPROSEC. No Encryption required	Mark as “Low” and makes sure the files are Consult with business owner before distribution to outside of ITPROSEC. Encryption device should be used for electronic documents and files on removable media	External distribution requires Non-disclosure Agreement (NDA) Electronic documents and files on removable media sent outside ITPROSEC in protected envelope or container by bonded courier Encryption device must be used for electronic documents and files on removable media	External distribution requires Non-disclosure Agreement (NDA) or Memorandum Of Understanding (MOU) and Business Owner approval Electronic documents, files on removable media sent outside ITPROSEC in protected envelope or tamper evident packaging by bonded courier with delivery tracking and recipient signature required, or hand delivered Encrypted device is mandatory
Databases File storage systems Applications (SQL, DB, Lotus Notes, Domino etc.)	Mark as “Unclassified” and Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider only. Access Protection required according to classification	Mark as “Low” and Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider only. Access Protection required according to classification	Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider only. Access Protection required according to classification	Accessed via ITPROSEC approved Secure Access Connection (SAC) or authorized Third Party Provider Access Protection required according to classification
Hard copy (Letter / Memo, Printed document)	Facsimile transmission permitted Documents cleared from printers, copiers and fax machines. Documents sent outside ITPROSEC in in general envelope using normal post	Facsimile transmission permitted when sender and receiver present Documents cleared from printers, copiers and fax machines immediately Documents sent outside ITPROSEC in protected envelope using normal post	External distribution requires Non-disclosure Agreement (NDA) Facsimile transmission permitted when sender and receiver present Documents cleared from printers, copiers and fax machines immediately Documents sent outside ITPROSEC in protected envelope using normal post	External distribution requires Non-disclosure Agreement (NDA) or Memorandum of understanding (MOU) and Business Owner approval Facsimile transmission not permitted Documents cleared from printers and copiers immediately Documents sent outside ITPROSEC in protected envelope or tamper evident packaging by bonded courier with delivery tracking and recipient signature required
Voicemail Phone	Conduct discussions via regular phone or mobile phone with discretion.	Recipient can be identified and spoken to Information shall not be discussed in public place where it may be overheard Conduct discussions via mobile phone with discretion.	Recipient can be identified and spoken to Information shall not be discussed in public place where it may be overheard Conduct discussions via mobile phone with discretion.	Voicemail not permitted Information shall not be discussed in public place where it may be overheard Conduct discussions via mobile phone with discretion

6.4 Transmission Protection Measures

When transmitting ITPROSEC classified information over the Internet or telecommunications networks, special protection measures are required. The Resources for Assistance section 9 provides links to some of the most common information protection tools available on the desktop. Table 5 identifies the transmission protection measures for common information assets across the classification levels.

Table 5: Transmission Protection Measures

Type	Low	Medium	High
Electronic messaging services (Email, Text, chat history etc.)	Secure connection and Encryption recommended	Secure connection and Encryption mandatory	Secure connection and Encryption mandatory
Electronic documents Files (DOC, XLS, PPT, PDF, TXT JPG etc.)	Secure connection and Encryption recommended	Secure connection or Encrypted connection mandatory Encryption software to encrypt the files recommended	Secure connection or Encrypted connection mandatory Encryption software to encrypt the files
Databases File storage systems Applications (SQL, DB, Lotus Notes, Domino etc.)	Secure connection required	Secure connection and Encryption mandatory	Encryption in transit recommended between servers within a ITPROSEC approved secure data center Encryption mandatory for all other transmission
Mobile device	Encryption recommended	Encryption mandatory Secured in locked container, cabinet or drawer when not in use Do not leave unattended	Encryption mandatory
Hard copy (Letter, Memo, Printed document)	Secured in locked container, cabinet or drawer when not in use Do not leave unattended	Secured in locked container, cabinet or drawer when not in use Do not leave unattended	Facsimile transmission not permitted

6.5. Receiving Information Protection Measure

When the ITPROSEC receives information from another organization, apply the ISC and safeguards as appropriate. If the information already has a security /sensitivity level applied, use the equivalent ITPROSEC safeguards.

Type	Unclassified	Low	Medium	High
Electronic messaging services (Email, Text, chat history etc.)	Received marked as “Unclassified” or “Public”, mark to ITPROSEC level as “Unclassified”	Received marked as “Internal, or ‘Protected”, give same safeguard or ITPROSEC level “Low”	Received marked as “Confidential’, or ‘Top Protected”, give ITPROSEC safeguard level as “Medium”.	Received marked as “Highly Confidential’, or ‘Highly Protected”, give ITPROSEC safeguard level as “High”.
Electronic documents Files (.doc, xls, PPt, pdf, txt, jpg etc.)	Received marked as “Unclassified” or “Public”, mark to ITPROSEC level as “Unclassified”	Received marked as “Internal, or ‘Protected”, give same safeguard or ITPROSEC level “Low” Ensure the documents are secure electronically	Received marked as “Confidential’, or ‘Top Protected”, give ITPROSEC safeguard level as “Medium”. Ensure the documents are secure or Encryption recommended	Received marked as “Highly Confidential’, or ‘Highly Protected”, give ITPROSEC safeguard level as “Medium”. Ensure the documents are secure or Encryption Mandatory
Hard copy (Letter / Memo, Printed document)	Received marked as “Unclassified” or “Public”, mark to ITPROSEC level as “Unclassified”	Received marked as “Internal, or ‘Protected”, give same safeguard or ITPROSEC level “Low” Do not leave unattended	Received marked as “Confidential’, or ‘Top Protected”, give ITPROSEC safeguard level as “Medium”. Secured in locked container, cabinet or drawer when not in use Do not leave unattended	Received marked as “Highly Confidential’, or ‘Highly Protected”, give ITPROSEC safeguard level as “High”. Secured in locked container, cabinet or drawer when not in use Do not leave unattended

6.6 Disposal / Storage Media Reuse Protection Measures

As required by the Information Security Classification and by the ITPROSEC – Record Retention Schedules, paper records, storage devices, and removable media that are no longer needed shall undergo a deletion process such that sensitive information cannot be reconstructed or recovered after use. Depending on the information asset, each may need a different type of disposal protection measure. Please consult IT for assistance with deletion and disposal measures for media and mobile devices. Table 6 identifies disposal protection measures for common information assets across the classification levels.

Table 6: Disposal / Storage Media Reuse Protection Measure

Type	Low	Medium	High
Removable media and hard drives	Data irretrievably deleted or media destroyed CD/ DVD media destroyed (e.g., shred, cut, break, etc.)	Data irretrievably deleted or media destroyed CD/ DVD media destroyed (e.g., shred, cut, break, etc.)	Data irretrievably deleted or media destroyed CD/ DVD media destroyed (e.g., shred, cut, break, etc.)
Mobile device	Data irretrievably deleted prior to reuse or destruction	Data irretrievably deleted prior to reuse or destruction	Data irretrievably deleted prior to reuse or destruction
Hard copy	Cross cut shredding or ITPROSEC approved secure waste disposal service	Cross cut shredding or ITPROSEC approved secure waste disposal service	Cross cut shredding or ITPROSEC approved secure waste disposal service
Voicemail Phone	Messages erased when no longer required	Messages erased when no longer required	Voicemail not permitted

6.7 Uses Away From ITPROSEC Premises

It is not permitted to remove classified information from the ITPROSEC premises. If for any reason, the information needs to be taken away such as for a meeting or a conference outside of the ITPROSEC, special care should be taken to ensure that the ITPROSEC classified information is not compromised in vehicles, conference centres, meeting rooms or public places, including any other area outside of the ITPROSEC premises. Table 7 identifies off-premises protection measures across the classification levels.

Table 7: Use Away from ITPROSEC Premises

Type	Low	Medium	High
Authorization	Approved Individual / group Requires business owner authorization for use away from ITPROSEC Premises	Approved Individual / group Requires business owner authorization for use away from ITPROSEC Premises	Select approved Individual Requires business owner authorization for use away from ITPROSEC premises
All electronic storage media and mobile devices	Keep information in encrypted removable media, mobile devices, secured using physical locks or on-person when not in use Do not disclose or leave unattended Encryption device is mandatory for information stored on removable media or mobile devices	Keep information in encrypted removable media, mobile devices physically locked away, secured using physical locks or on-person when not in use Do not disclose or leave unattended Encryption mandatory for information stored on removable media or mobile devices	Keep information in encrypted removable media or mobile, devices physically locked away, secured using physical locks or on person when not in use Must not disclose or leave unattended Encryption mandatory for information stored on removable media or mobile devices

Access control refers to permissions and limitations for disclosing ITPROSEC classified information. Access to information stored in the ITPROSEC Systems is addressed by assigning privileges based on the individual’s “need to know” and their role. Table 8 identifies the measures required to manage and track access and disclosure activities for ITPROSEC information across the classification categories.

Table 8: Access Protection Measures

Type	Low	Medium	High
User authentication	User access with unique user ID and password A strong authentication required to access internal ITPROSEC applications remotely Password encrypted in transmission and storage	User access with unique user ID and password A strong or two factor authentication required to access internal ITPROSEC applications remotely Password encrypted in transmission and storage	User access with unique user ID and password Second authentication required to confirm access or Two-factor authentication required to access internal ITPROSEC applications remotely Password encrypted in transmission and storage
User authorization and access control	Business Owner’s approval required Access granted based on need to know At a minimum, security assigned by group. (User receives all access privileges assigned to the group.)	Business Owner, or designated Business Steward, approval required Access granted based on need to know At a minimum, security assigned by group. (User receives all access privileges assigned to the group.)	Business Owner/ Manager approval mandatory Access granted based on need to know Security group or individual based on role in function or organization
User access reviews	Access reviews conducted every six (6) months	Access reviews conducted every six (6) months	Access reviews conducted every three (3) months
System security logs	Log security relevant access or actions Logs subject to records retention requirements as appropriate	Log security relevant access or actions Logs subject to records retention requirements as appropriate	Log security relevant access or actions; continual security monitoring for unauthorized activity and intrusions mandatory Logs subject to records retention requirements as appropriate

Note: Classified systems must comply with ITPROSEC Security Baselines (or equivalent). See the Technical Security Baselines for additional information.

8.1 Information Security:

The Information Security Office (ISC) who oversees the ITPROSEC information Security Program and maintain overall security by:

Developing and implementing ITPROSEC wide information security program.
Documenting and disseminating information Security policies, procedures, standards and guidelines.
Identifying, reviewing risk associated to the operational or the change and providing necessary recommendation.
Coordinating the development and implementation of ITPROSEC information security training and awareness program
Coordinate a response to actual or suspected breaches in the confidential, integrity or availability of ITPROSEC Data.

8.2 Data Steward:

A Data Steward who oversees the lifecycle of one more sets of ITPROSEC Data. Responsibility of Data Steward includes the following:

Serves, Commission-wide, as the central point of contact and knowledge for the data under their stewardship
Is responsible for implementing DG practices and solutions – including participating in the change of Branch / Office business processes – as mandated by the DG Steering Committee and directed by the DGWG
Is responsible for providing and maintaining data definitions
Is responsible for attainment of metrics set for data by the DG Steering Committee
Is able to prioritize issues related to the data in their stewardship
Identifies/defines mandatory/critical data elements that need to be measured or treated separately
Maintains and updates DQ & MDM business rules
Identifies, manages and escalates as needed critical data management issues and risks
Together with Data Owners, identifies resources to participate in data-related issue resolution
Together with Data Owners, reviews and provides input to data model for their data domain
Target ITPROSEC organizational alignment: Manager

8.3 Data Owner:

A Data Owner has administrative control and has been officially designated as accountable for a specific information asset dataset with the following definition:

Accountable for the definition, quality, and compliance to standards/regulations of the data in their data domain[1]
The goal of the Data Owner to ensure that the data within their domain is fit for use by ensuring that DG Practices {i.e. Policies, Standards, Processes, and Procedures in DG, DQ, MM and MDM/RDM} are deployed. This includes the following key tasks:
- Ensures that data definitions are provided by Data Stewards for the data domain
- Contributes to and approves data duplicate identification (i.e. matching and survivorship rules) for master data in their domain
- Together with Data Stewards, identifies and mobilizes resources to participate in data-related issue resolution
- May contribute to data access policies and controls within their data domain, along with whoever manages this agenda within IT
Ideally, understands usage, consumption and value of data in their ownership across the broader organization
Familiar with Data Management and Governance roles, principles and processes
Contributes to identifying the scope of a domain
Proposes Data Steward appointments to the DG Steering Committee
Provides agreed-upon reporting on DG performance metrics for their domain (i.e. DQ, MM, MDM/RDM, compliance) to the DG Steering Committee
Proposes feedback to and seeks clarification about policies, processes and procedures related to the data in their domain from DGWG and the DG Steering Committee

8.4 Records and Information Management:

Records and Information Management is a unit in the ITPROSEC which provides records management advice, support, and services to staff such as:

Reference and retrieval
Information and records management compliance advice and best practices guidance
Secure shredding of paper documents
Secure destruction of electronic media.

The following resources provide additional guidance for protecting the ITPROSEC information:

ITPROSEC Information and Records Management Policy
ITPROSEC Employee Information Security Handbook v0.9 DRAFT.docx
ITPROSEC Data Governance Program Framework
ITPROSEC Technical Security Baselines
ITPROSEC Records Retention Schedules
Protecting ITPROSEC Information When Outside the Office
Freedom of Information and Protection of Privacy Act

Appendix A –Terms and Definitions

This appendix identifies commonly used terms used throughout this standard.

Term	Definition
Application	A software program that performs a specific function directly for a user.
Authentication/Two-factor Authentication	The process of verifying the identity or other attributes claimed or assumed by a user.
Authorized third party provider	A non-Employee or entity in a contractual arrangement for specific services with the ITPROSEC.
ITPROSEC approved secure data center	A facility operated by or on behalf of ITPROSEC whose sole function, operation, or use involves information technology equipment, systems and services. It utilizes a variety of environmental and operational measures for information storage, processing, transmission, and protection, and must meet a minimum of twelve (12) controls to be considered ITPROSEC approved.
Electronic messaging services	Services providing interpersonal communications capability to conduct ITPROSEC business. Electronic messaging services include, but are not limited to, electronic mail, text messaging, online chat, electronic fax, and other similar electronic communications services.
Encryption in transit	The protection of information at its point of origin and intended destination that cannot be read by someone or an application that is not authorized to it.
Encryption software	The content of the documents, pictures or files are protected by enabling password or compression with encryption. Some of encryption capable software are WinZip, WinRar, Word, Excel etc.
Enterprise database system	A collection of programs used to enter, organize, and select data in a database, and is licensed for business use. Examples of enterprise database systems include IBM DB2 Enterprise Server, Oracle Database, and Microsoft SQL Server Enterprise.
File storage system	A physical device used for large scale implementation onto which information is recorded or stored.
Mobile device	A portable computing and communications device with information storage capability. Mobile device includes, but is not limited to, laptop computer, smartphone, tablet computer, cellular telephone, digital camera, and audio recording device.
Removable media	Any electronic information storage device used to store data for specific and legitimate purposes. Removable media includes, but is not limited to: magnetic storage devices such as back-up tapes, floppy disks, removable hard drives; cartridges, including digital audio tape (DAT), optical disks in compact disc (CD) and digital video disc (DVD) format; static memory devices such as flash memory cards, USB flash drives, and thumb key drives;
Secure access connection	A secure network connection that is connect between ITPROSEC network and from the outside public network such as the Internet or other non-ITPROSEC networks (e.g. GoToMyPC). Its purpose is to secure connection from the remote users from getting access to ITPROSEC information assets.
Third Parties	Third parties entities/companies work with ITPROSEC such as Manage Service provider, Data center provider, outsourcer or external professional services.

Appendix B –Protection Measures Summary

This appendix summarizes the protection measures required for each information data classification and control. This reference is intended for all Employees and Third Parties who works/handles with ITPROSEC information.

Refer to the ITPROSEC Record and Information Policy for classification, Freedom of Information and Protection of Privacy Act for requirements for the collection, use, disclosure and protection of information classified as “Personal Information.”

http://www.ITPROSEC.com/en/statements_privacy_index.htm

http://intranet.ITPROSEC.com/5793.htm

ELECTRONIC MESSAGING SERVICES	ELECTRONIC DOCUMENTS / FILES	DATABASES/ FILE STORAGE SYSTEMS/ APPLICATION	REMOVABLE MEDIA	MOBILE DEVICE	HARDCOPY	VOICEMAIL / PHONE	DISPOSAL
For Internal Use	Mark ‘Low’ or in the Message Sensitivity setting, where available, or Subject line Encryption recommended	Mark ‘Low’ or ‘Internal’ on every page, view, or document meta-data Encryption recommended	Mark ‘Low’ or ‘Internal’ in meta-data, online screen displays and reports Encryption recommended Accessed via ITPROSEC approved Secure Connection Method (GoToMyPC) or authorized Third Party Provider	Mark ‘Low’ or ‘Internal’ on exterior / adhesive label, where feasible Encryption recommended Secured in locked container, cabinet or drawer when not in use Do not leave unattended	Encryption recommended Do not leave unattended	Mark ‘Low’ or ‘Internal’ on every page Secured in locked container, cabinet or drawer when not in use Facsimile transmission permitted when sender and receiver present Sent in protected envelope using normal post Do not leave unattended	Recipient can be identified and spoken to Voicemail identifies classification; messages deleted when no longer required Information not discussed in public place where it may be overheard Discussions via mobile phone conducted with discretion	Data on removable media, mobile devices, and hard drives irretrievably deleted prior to reuse or destruction Cross cut shredding or ITPROSEC approved secure waste disposal service mandatory for hard copy documents
High	Mark ‘High’ in the Message Sensitivity setting, where available, or Subject line Encryption mandatory	Mark ‘High’ on every page, view, or document meta-data Encryption mandatory	Mark ‘High’ in meta-data, online screen displays and reports Encryption recommended for enterprise database systems within ITPROSEC approved secure data center; otherwise encryption device or mandatory Encryption in transit recommended between servers within ITPROSEC approved secure data center; otherwise encryption mandatory Accessed via ITPROSEC approved Secure Access Method ‘GoToMyPC’ or authorized Third Party Provider only	Mark ‘High’ on exterior / adhesive label, where feasible Encryption mandatory Secured in locked container, cabinet, drawer, or safe when not in use Do not leave unattended	Encryption mandatory Do not leave unattended	Mark ‘High’ on every page Secured in locked container, cabinet, drawer, or safe when not in use Facsimile transmission not permitted Sent in protected envelope or tamper evident packaging by bonded courier; delivery tracking and recipient confirmation required Do not leave unattended	Voicemail not permitted Information not discussed in public place where it may be overheard Discussions conducted via mobile phone with discretion	Data on removable media, mobile devices, and hard drives irretrievably deleted prior to reuse or destruction Cross cut shredding or ITPROSEC approved secure waste disposal service mandatory for hard copy documents

Appendix C –Information Classification Examples

This appendix lists the official classifications in use at ITPROSEC. For questions regarding classification of information not listed in this appendix, please contact the business owner or business steward for the appropriate business function.

Sensitivity Level	Risk	Access	Protective Safeguards
Unclassified	None	Public	None
Low	Low	Internal employee use only	Consult with business owner
Medium	Medium	Select /Approved Group of Employees	Consult with business owner / Record and Information Consider using protective safeguards like Follow-You printing or header/footer
High	High	Select/Approved Individuals	Consult with business owner /Record and Information Apply header or footer with sensitivity level Use Follow-You printing Do not use Inter-Office Mail Identify sensitivity level in the subject of an email or body.

Functional Area	Medium	High
Legal	Regulatory Report Legal Notice	Enforcement information of the company or director
Finance	ITPROSEC Financial report	Negotiation or Financial information submitted for Merger & Acquisition (M&A)
Human Resources	Completed employee performance reviews	Investigation on Employees
Information Technology	Security Policy, Procedures, Standard Technical Security Baseline System Architecture diagrams	ITPROSEC network design, IP address, documents, system security configuration, parameters ITPROSEC internal IP address, network password
Executive	Executive Travel Plans	Confidential information submitted for Derivatives, Merger and Acquisition (M&A)

http://intranet.ITPROSEC.com/3377.htm

http://intranet.ITPROSEC.com/5467.htm

http://intranet.ITPROSEC.com/documents/HowTo_MI_AppropriateUseOfITPROSECInformationAndComputingResourcesPolicy_20141215_(updated_20140114).pdf

For details contact [email protected] or at Ext. 3735 or [email protected] or at Ext. 3779

APPENDIX D- Roles and Responsibilities

All employees working at the ITPROSEC must maintain accurate and reliable records that fairly reflect all of our business transactions in order to meet our legal and financial obligations.

Employees must be aware of and understand the Data Classification and Control Policy, Information and Records Management Policy.

For more information, visit the links below:

http://intranet.ITPROSEC.com/4412.htm

http://intranet.ITPROSEC.com/documents/HowTo_MI_ITPROSECInformationAndRecordsManagementPolicy2017_RecordsOfficerDescription.pdf

http://ITPROSECer/otcs/livelink.exe/properties/3515891

APPENDIX E- Resources for Assistance

ITPROSEC Information and Records Management Policy

Enterprise Connect\ITPROSECer\Enterprise\Corporate Services\Information Services\00 Records and Information Management

ITPROSEC Employee Information Security Handbook v0.9 DRAFT.docx

Enterprise Connect\ITPROSECer\Enterprise\Corporate Services\Information Services\18 –

Security\Employee Information Security Handbook

ITPROSEC Data Governance Program Framework