Information Sharing Protocols (IL1 to IL3)
Classification & Encryption Method
Using 7 Zip Software
Classifying Information
How does the information author/owner decide what the correct classification should be?
Any information sent out in an email should be risk-assessed in terms of its confidentiality and the impact resulting from that
information being released to unauthorised persons.
The diagram in APPENDIX A outlines the questions an information author/owner should ask in order to determine what
classification to apply.
Electronic Transmission
Information transmitted across public networks (e.g. the Internet) within the UK or across any networks overseas should be
encrypted using an approved system (7 Zip or Secure FTP transmission). Local user guidelines should identify appropriate
encryption methods for various types of information. In all emails containing IL1 to 3 type data please quote the IL rating at the
end of the subject line.
Encrypting your files (using 7-zip)
To increase the level of security, you are required to encrypt IL1 to IL3 data before sending it via email. Encryption is a
software tool that uses "scrambling" to make data unreadable. Once a message is encrypted, it will appear as a meaningless
garble of characters to anyone except the person who has the password to unscramble it.
To help you decide whether you need to encrypt any files before sending them, look at the three questions below. If you
answer ‘yes’ to any of them then you should use password protection and encryption.
For example:
•
•
•
Do you have data that could cause damage to the Council if it fell into the wrong hands?
Are there documents on your computer that are strictly confidential?
Do you send and receive email messages containing confidential information?
Encrypting a file using 7-zip
To encrypt a file you will need the 7–zip software installed on your machine. You can obtain the software by ringing the HITS
help desk (x2000). Once 7-zip is installed onto your computer you can use it to encrypt your files:
•
Launch 7-zip using the Start menu (Start - All Programs - 7-zip - 7-zip file manager).
•
In the 7-zip file manager locate the file that you want to encrypt.
•
Once you have located the file you want to encrypt, select it by clicking it once.
•
With the file highlighted, click 'Add.'
•
This will open a new window called 'Add to Archive.'
•
At the top of the left column change the 'Archive Format' to 'Zip' using the drop-down menu.
•
At the bottom of the right column check that the 'Encryption method' says 'AES-256.'
•
Above it, type your chosen password into the 'Enter password' text box.
•
Directly beneath it, re-enter your password into to the 'Re-enter password’ text box.
•
Please make sure that the ‘show password’ field is NOT ticked.
•
Click 'OK' to close the 'Add to Archive' window.'
•
Back in the file manager you can now see the encrypted and zipped file. You can identify it by its icon, which is of a
folder with a zip through it. You may need to use Ctrl + R to refresh the screen
•
You can now send the file as an email attachment but remember NOT to include the password in the same email.
Opening an encrypted file
To open an encrypted file using 7-zip:
•
In the email message window right click the zipped attachment.
•
Choose the ‘save as’ option and save it to your desired location on your computer. Click 'Save.'
•
Close the email message window.
•
Open 7-zip using the Start menu. This will open the 7-zip file manager.
•
Browse for your encrypted file using the drop down list of file locations.
•
Once you have located your file double click it to open the folder.
•
In the folder, select extract or double click the required document to open it.
•
At this point you will be asked to enter the password assigned to the encryption process. Enter the password and click
'OK.'
•
The document should open.
Best Practice for Password Setting:
•
Make passwords hard to guess (8-12 characters in length, alphanumeric with at least one capital letter and at least
one symbol include some special characters like ^%$£).
•
NEVER send out passwords in the same email as the encrypted file(s).
•
Always confirm the identity of the recipient before releasing passwords.
•
Inform recipients of passwords either face to face or by telephone.
APPENDIX A
INFORMATION CLASSIFICATION SCHEME
Information
Asset
National Security implications
Y
N
Likely to risk any party’s personal safety
Y
N
Likely to require active management to meet expected levels of
service
Y
N
Likely to result in undermined confidence in the service provider
generally
Y
N
Likely to cause a loss of up to £1 million
Y
N
Likely to cause significant financial loss to any party (eg loss of £10K
for an individual or sole trader; loss of £100K for a larger business or
organisation)
Y
N
Likely to cause prolonged distress for an individual citizen, or shortterm distress to many citizens
Y
RESTRICTED
(IL3)
N
Likely to cause loss of reputation for an individual citizen or
organisation
Y
N
Risk to any party’s personal safety (eg compromise of an address of
vulnerable person which is likely to put them at a moderate risk)
Y
N
Authority-wide disruption, compromise or flawed working of services
which could pose an increased risk to health (eg spread of disease)
Y
N
Cancellation of multiple services to a number (up to 1000) of citizens
leading to financial losses (up to £10K)
Y
N
Significant incident to which a Local Authority is not able to react within
24 hours which affects a large number of citizens/local businesses (eg
significant flooding, fire, contamination, explosion)
Y
N
Likely to hinder the detection, impede the investigation or facilitate the
commission of low-level crime; or hinder the detection of serious crime
(as defined in Legislation)
Y
N
Likely to cause a low-level criminal prosecution to collapse or cause a
conviction for a low-level criminal offence to be declared unsafe or
referred to appeal
N
Y
Go to next page
Likely to cause discomfit to an individual
Y
N
Likely to impact on the provision of service for one or many citizens
Y
N
Likely to reduce one or many citizens’ perception of the service
Y
N
Likely to cause a financial loss to the Public Sector of up to £10K
Y
N
Likely to cause a financial loss to any party (eg £100-£1000 for an
individual or sole trader; £1000-£10K for a larger business or
organisation)
Y
N
Likely to cause short-term discuss to an individual citizen
Y
N
Risk to any party’s personal safety (eg compromise of an address of
vulnerable person which is likely to put them at a low risk)
Y
PROTECT
(IL1 and IL2)
N
Likely to cause embarrassment to an individual citizen or organisation
Y
N
Disruption, compromise or flawed working of a local service which
could pose a risk to health
Y
N
Cancellation of services to a number (10-100) of citizens (eg closure of
a library or other facility)
Y
N
Isolated or minor incident to which a Local Authority is not able to react
within a few days which affects a number of citizens/local businesses
Y
N
Likely to cause substantial disruption or shutdown of Council
operations
Y
N
Likely to damage the Council’s operational security or effectiveness or
seriously impede Council policies
Y
N
May cause minor inconvenience to an individual citizen (eg short delay
in applying for a non-essential service)
Other internal documentation
Y
Y
N
Documentation specifically created for external publication or is in
Council's FOI publication scheme
Y
Unclassified
(IL0)
/
No Marking