false
Catalog
PCI Training - Tom Wong
APPENDIX B - Data Classification and Handling Guid ...
APPENDIX B - Data Classification and Handling Guidelines
Back to course
Pdf Summary
The document provides guidelines for data classification and handling based on a four-level classification scheme. The four levels are: Restricted, Confidential, Private, and Public.<br /><br />Restricted data is the most sensitive and is accessible only to authorized employees, contractors, and business partners with a specific business need. The potential impact of loss of this data is significant, including negative impact on the company's competitive position and violating regulatory and contractual requirements.<br /><br />Confidential data is highly valuable and is classified internally by the company. It may be shared with authorized parties but must not be released to the general public. The potential impact of loss of this data is moderate.<br /><br />Private information, originated or owned by the company, may be shared with authorized personnel but should not be released to the general public. The potential impact of loss of this data is minimal or none.<br /><br />Public information can be freely shared both internally and externally and has no damaging impact or risk to business operations if exposed.<br /><br />The document also outlines general practices for handling different classifications of data. It highlights that information created or received by employees is private by default, unless it requires greater confidentiality or is approved for release to the general public. The most restrictive classification should be assigned when combining information with different sensitivity levels.<br /><br />Specific handling requirements are provided for each classification level, including storage, transmission, printing, copying, and disposal. The document also lists examples of sensitive data elements for each classification level.<br /><br />The final section of the document includes a revision history, references to other related documents, and the approval and ownership details.<br /><br />Overall, the document provides clear guidelines on classifying and handling different levels of data sensitivity to ensure proper protection and security.
Keywords
data classification
handling guidelines
four-level classification scheme
Restricted
Confidential
Private
Public
authorized employees
potential impact
loss of data
×
Please select your language
1
English