Document classification policy

London Borough of Enfield
Information Classification Policy

Author: Mohi Nowaz
Owner: IGB
Version: 2.4
Classification: OFFICIAL-PUBLIC
Issue Status: FINAL
Page: 1 of 13
Date of First Issue: 04/10/2012
Date of Latest Re-Issue: 20/01/2016
Date approved by IGB: 25/01/2016
Date of next review: 20/01/2018
CONTENTS
1. Introduction (page 3)
2. Aim of the Policy (page 3)
3. Scope (page 3)
4. Information Asset Classification and Control (page 4)
5. Classification Guidelines (page 4)
6. The Council’s Classification Scheme (page 5)
7. Accountability for Information Assets (page 7)
8. Information Labelling and Handling Procedure (page 8)
9. Key Principles for all Protectively Marked material (page 8)
10. Information Security Classifications (page 8)
11. Information Marking and Handling (page 10)
12. Enforcement Monitoring (page 12)
13. Information Security Incidents (page 12)
14. Supporting Policies (page 13)
Information_Classification_Policy_v2.4
Page 2 of 13
This is a CONTROLLED document. Any printed copy must be checked against the current
electronic version prior to use.
1. Introduction

1.1 Information is a valuable asset and aids a local authority to carry out its legal and statutory functions. The information that the London Borough of Enfield (LBE) processes can be highly confidential and very personal and therefore the Council has a legal duty to take care of it. Like any other strategic asset, information must be protected appropriately depending on the level of sensitivity of the information.

1.2 This document will explain Information Classification, the evaluation of risk, the assessment of confidentiality requirements, the procedure for classifying information and the levels of classification.

1.3 Anyone who uses the Council’s systems should be made aware of, and be expected to comply with, this policy, and needs to understand that the Council has a responsibility to ensure that staff are cleared and trained to handle protectively-marked information.
2. Aim of the Policy

2.1 The aim of this document is to ensure that LBE’s information assets receive an appropriate level of protection.
A classification scheme shall be used to indicate the need and priority for security protection in order to ensure that:
- The appropriate level of sensitivity of information is recognised
- The appropriate method of handling and storing the information is identified and information is protected accordingly
- Employees are aware of different sensitivity levels and can apply appropriate controls.
3. Scope

3.1 This policy applies to all employees, contractors, agents and representatives and temporary staff working for or on behalf of the council.

3.2 The Policy is also applicable to Members who create records in their capacity as representatives of the Council. When Members create records while acting as representatives of a resident in their ward they are recommended to apply the policy, but officers should consider whether it has been correctly applied on receipt of a Member’s enquiry. It does not apply to those records Members create when acting as a representative of a political party.

3.3 This policy applies to all information created or held by the council, in whatever format (e.g. paper, electronic, email, microfiche, film) and however it is stored (for example ICT system/database, network drive folders, email, filing cabinet, shelving and personal filing drawers), as well as that communicated verbally.
4. Information Asset Classification and Control

4.1 Asset classification and control is an essential requirement, which will ensure the Confidentiality, Integrity and Availability of information used by the Council. An information classification system is used to define appropriate protection levels and to communicate the need for special handling measures. Each information asset is classified to indicate its sensitivity and to identify the controls required to protect it.

4.2 The new Government Security Classification Policy (GCSP) came into effect from 2nd April 2014 and replaces the old Government Protective Marking Scheme (GPMS) that was in place prior to that date.

4.3 The intention of the new classification is to provide a more straightforward, proportionate and risk-managed approach to the way that the public sector classifies and protects information, with more onus on staff taking individual responsibility for the information they manage.

4.4 The Council has adopted the Government’s revised information classification policy, which moves from the three levels of classification that the Council was using to one level of classification for all Council information.

4.5 The Government’s classification scheme is widely used by government, local authorities and statutory agencies so that there is a common understanding across organisations as to how information needs to be protected.
5. Classification Guidelines

5.1 ALL information that the Council needs to collect, store, process, generate or share to deliver services and conduct Council business has intrinsic value and requires an appropriate degree of protection, whether in transit, at rest or whilst being processed.

5.2 Information classification, or protective marking, of information assets is used to:
- Determine the level of protection needed for the data
- Indicate that level of protection to other people
- Establish a consistent approach to ensuring that data is appropriately protected.
5.3 Classification and protective information controls are established to meet the Council’s need for sharing or restricting information. Information classification and the associated protective controls will be suited to the business need for sharing or restricting information and the business impact associated with such a need.
5.4 Classified data will be reviewed on a regular basis to assess if the security control is appropriate. The level of criticality of information assets will change due to changes in circumstances and / or expiry of legal retention periods.
6. The Council’s Classification Scheme

The new government classification scheme has three levels of classification. These are TOP SECRET, SECRET and OFFICIAL.

6.1 The Council will only be using the OFFICIAL classification. However, the OFFICIAL classification also includes a handling caveat of OFFICIAL-SENSITIVE in order to identify information that should only be available on a strictly need to know basis and may need additional measures of protection.

6.2 These classifications should be applied to all information including emails, paper documents, electronic documents, systems etc.

6.3 All Council information will be classified as OFFICIAL. This recognises that all council information assets have a value and should be handled with care. As this is a broad category and there will be a variety of handling instructions associated with this information, the Council is introducing sub-categories that give clear guidance on access arrangements for the information. These are:
- OFFICIAL – No sub-category is applied and users will need to insert their own handling guidance as required. If no handling guidance is provided then it will be treated as public information. This will be useful in communications involving external organisations where the sub-categories below are not appropriate.
- OFFICIAL – PUBLIC – this is publicly available information or information where there is little or no damage if released
- OFFICIAL – ALL STAFF – this is information that is widely available to all staff
- OFFICIAL – RESTRICTED ACCESS – this is information where there is restricted access and a requirement for a ‘need to know’
- OFFICIAL – MEMBERS – this is information that is only available to all members/specific members
- OFFICIAL – PRIVATE AND CONFIDENTIAL CORRESPONDENCE – this is emails/letters written to an individual containing their personal data
- OFFICIAL-SENSITIVE – this caveat is used at the discretion of staff depending on the subject area, context and any statutory or regulatory requirements where it is particularly important to enforce the need to know rules.
6.4 Whilst the four sub-categories have been adopted by Enfield Council to provide guidance to staff about handling requirements, the OFFICIAL-SENSITIVE caveat is an integral part of the government’s classification scheme and will be recognised by the government and other statutory organisations as requiring additional measures of protection and distribution on a strict need to know basis.
6.5 Personal data in systems or documents would usually be classified as OFFICIAL-RESTRICTED ACCESS or OFFICIAL-SENSITIVE and should be protected by relevant access controls.

6.6 Any information that is not marked will be assumed to be OFFICIAL – PUBLIC.
6.7 The OFFICIAL-SENSITIVE caveat should be used at the discretion of staff depending on the subject area, context and any statutory or regulatory requirements where it is particularly important to enforce the need to know rules.
However, the caveat should be used by exception in limited circumstances where there is a clear and justifiable requirement to reinforce the ‘need to know’ as compromise or loss could have severe and damaging consequences for an individual (or group of individuals), another organisation or the Council more generally. This might include, but is not limited to, the following types of information:
- The most sensitive corporate or operational information, e.g. relating to organisational change planning, contentious negotiations, or major security or business continuity issues;
- policy development and advice to members/CMB on contentious and very sensitive issues;
- commercial or market sensitive information, including that subject to statutory or regulatory obligations, that may be damaging to the Council or to a commercial partner if improperly accessed;
- information about investigations and civil or criminal proceedings that could compromise public protection or enforcement activities, or prejudice court cases;
- more sensitive information about security assets or equipment that could damage capabilities or effectiveness;
- very sensitive personal data that would be extremely damaging to an individual if lost or compromised, e.g. child protection cases, HR compromise agreements;
- Government data where they have defined it as OFFICIAL-SENSITIVE and insist on strict sharing protocols.
6.8 OFFICIAL-SENSITIVE data cannot be shared externally except through an approved secure email system/secure network or appropriate data encryption and password protection, and should be accompanied by a defined distribution list. Data sharing with external organisations must be in line with corporate data sharing agreements or contract terms.
6.9 Where large volumes of OFFICIAL-SENSITIVE information about particular topics are regularly shared between organisations, the respective information asset owners will need to agree specific handling arrangements and transfer protocols in line with the policy.

6.10 A classification of OFFICIAL – RESTRICTED ACCESS or OFFICIAL-SENSITIVE does not necessarily exempt the information from a Freedom of Information Act request, but it should prompt you to consider if an exemption applies.

6.11 On creation, all information assets must be assessed and classified by the owner according to their content. All information assets must be classified and labelled in accordance with this policy.
7. Accountability for Information Assets

7.1 An Information Owner must be assigned for each identified information asset/system and must be at Head of Service level. Accountability to an identified owner helps to ensure appropriate protection is maintained. The Information Owner may delegate responsibility for the implementation of controls; however, accountability for the implementation of controls and their enforcement will stay with the information owner at all times.

7.2 The Information Owner role, in order for business to be transacted within an acceptable level of risk, includes, but is not limited to:
- understanding what information is held and how it is used;
- determining the business requirements for the use of the information and signing them off;
- determining who has access to it and why, and signing off the access privileges;
- ensuring information and systems are prioritised in line with their importance to the organisation;
- defining information sharing agreements and data interchange agreements;
- developing service level agreements in relation to the information;
- assigning the information classification to the asset;
- authorising disclosure of information from the systems to third parties;
- authorising new or significant changes to the system;
- being involved in security audits and reviews;
- ensuring users are aware of their responsibilities and can fulfil them.
7.3 Information asset/system owners should regularly review user access rights. Users are those staff, contractors and suppliers who access and process information on behalf of the Council. By default, members of staff should not have access to systems containing personal information. Where access is deemed necessary, it should be given to the smallest possible subset of records.
8. Information Labelling and Handling Procedure

8.1 A set of procedures is defined for information labelling and handling in accordance with the classification scheme adopted by the Council. All documents must be issued under version control with the file name, revision number and number of pages displayed in the footer. Where appropriate, the document will also contain its security classification and distribution list.
9. Key Principles for all Protectively Marked material

9.1 The key principles for protectively marked material are as follows:
- Access is granted on a genuine ‘need to know’ basis.
- Assets must be clearly and conspicuously marked. Where this is not practical (for example the asset is a building, computer etc.) staff must still have the appropriate personnel security control and be made aware of the protection and controls required.
- Only the author or designated owner can protectively mark an asset. Any change to the protective marking requires the author or designated owner's permission. If they cannot be traced, a marking may be changed, but only by consensus with other key recipients.
- A file, or group of protectively marked documents or assets, must carry the protective marking of the highest marked document or asset contained within it (e.g. a file containing OFFICIAL – PUBLIC and OFFICIAL-SENSITIVE material must be marked OFFICIAL-SENSITIVE).
10. Information Security Classifications

10.1 The classification will determine how the information should be protected and who should be allowed access to it as described below.

10.2 It is important to ensure that we neither over nor under protect information. The Council has adopted the revised Government Security Classification scheme. More information on the OFFICIAL and OFFICIAL-SENSITIVE classifications is provided below.

Information classification: OFFICIAL
The vast majority of Council information will be classified as ‘OFFICIAL’. This recognises that all council information assets have a value and should be handled with care. As this is a broad category and there will be a variety of handling instructions associated with this information, the Council is introducing sub-categories that give clear guidance on access arrangements for the information.
Description: Handling instructions should be provided as appropriate if a sub-category is not selected or requires additional instructions to make it clear who should have access to the information.
Sub-categories:
- OFFICIAL – PUBLIC – this is publicly available information or information where there is little or no damage if released (previously classified as UNCLASSIFIED)
- OFFICIAL – ALL STAFF – this is information that is widely available to all staff
- OFFICIAL – RESTRICTED ACCESS – this is information where there is restricted access and a requirement for a ‘need to know’
- OFFICIAL – MEMBERS – this is information that is only available to all members/specific members
- OFFICIAL – PRIVATE AND CONFIDENTIAL CORRESPONDENCE – this is emails/letters written to an individual containing their personal data

Information classification: OFFICIAL-SENSITIVE
Staff should use their discretion to determine those instances where it will be appropriate to use the OFFICIAL-SENSITIVE caveat as this will vary depending on the subject area, context and in some cases, any statutory or regulatory requirements where it is particularly important to enforce the need to know rules. However, the caveat should be used by exception in limited circumstances where there is a clear and justifiable requirement to reinforce the ‘need to know’ as compromise or loss could have severe and damaging consequences for an individual (or group of individuals), another organisation or the Council more generally.
Description: This might include, but is not limited to, the following types of information:
- The most sensitive corporate or operational information, e.g. relating to organisational change planning, contentious negotiations, or major security or business continuity issues;
- policy development and advice to members/CMB on contentious and very sensitive issues;
- commercial or market sensitive information, including that subject to statutory or regulatory obligations, that may be damaging to the Council or to a commercial partner if improperly accessed;
- information about investigations and civil or criminal proceedings that could compromise public protection or enforcement activities, or prejudice court cases;
- more sensitive information about security assets or equipment that could damage capabilities or effectiveness;
- very sensitive personal data that would be extremely damaging to an individual if lost or compromised, e.g. child protection cases, HR compromise agreements;
- Government data where they have defined it as OFFICIAL-SENSITIVE and insist on strict sharing protocols.
10.3 The appropriate classification for most LBE documents is OFFICIAL; OFFICIAL-SENSITIVE will only be appropriate in a limited number of cases.
11. Information Marking and Handling

11.1 OFFICIAL and OFFICIAL-SENSITIVE

Classification Marking: OFFICIAL
Document Marking requirements: Dependent on handling instructions. Minimum requirements as per OFFICIAL-PUBLIC.
Storage Requirements: Dependent on handling instructions.
Distribution Requirements: Dependent on handling instructions.
Recommended Disposal: No specific requirement other than in accordance with agreed Retention Policy.

Classification Marking: OFFICIAL – PUBLIC. This is publicly available information or information where there is little or no damage if released (previously classified as UNCLASSIFIED).
Document Marking requirements: OFFICIAL – PUBLIC. Information specifically created for external publication should not be marked.
Storage Requirements: No specific requirement other than it still must comply with Clear Desk Policy.
Distribution Requirements: No specific requirement.
Recommended Disposal: No specific requirement other than in accordance with agreed Retention Policy.

Classification Marking: OFFICIAL – ALL STAFF. This is information that is widely available to all staff.
Document Marking requirements: OFFICIAL – ALL STAFF
Storage Requirements: No specific requirement other than it still must comply with Clear Desk Policy.
Distribution Requirements: Must only be shared with staff employed or with Agency staff (if appropriate).
Recommended Disposal: No specific requirement other than in accordance with agreed Retention Policy.

Classification Marking: OFFICIAL – RESTRICTED ACCESS. This is information where there is restricted access and a requirement for a ‘need to know’.
Document Marking requirements: OFFICIAL – RESTRICTED ACCESS. Staff should also consider any handling guidance, e.g. “OFFICIAL – RESTRICTED ACCESS – For external authorised recipients via secure email” or “OFFICIAL – RESTRICTED ACCESS – For Adoption Team members only”.
Storage Requirements: Must be stored in locked cupboards or, if a system, access must be strictly controlled. Where appropriate password protect individual documents.
Distribution Requirements: Can only be shared with intended restricted access people. If external to the council you must have appropriate information sharing protocols in place.
Recommended Disposal: From systems in accordance with agreed Retention Policy and, if hard copy, then has to be shredded and placed in Confidential Waste bins/sacks.

Classification Marking: OFFICIAL – MEMBERS. This is information that is only available to all members/specific members.
Document Marking requirements: OFFICIAL – MEMBERS
Storage Requirements: Must be stored in locked cupboards or, if a system, access must be strictly controlled. Where appropriate password protect individual documents.
Distribution Requirements: Only to Members.
Recommended Disposal: From systems in accordance with agreed Retention Policy and, if hard copy, then has to be placed in Confidential Waste bins/sacks.

Classification Marking: OFFICIAL – PRIVATE AND CONFIDENTIAL CORRESPONDENCE. This is emails/letters written to an individual containing their personal data.
Document Marking requirements: OFFICIAL – PRIVATE AND CONFIDENTIAL CORRESPONDENCE
Storage Requirements: Must be stored in locked cupboards or, if a system, access must be strictly controlled.
Distribution Requirements: Only with data subject and other Officers of Council as necessary (access would be controlled).
Recommended Disposal: From systems in accordance with agreed Retention Policy and, if hard copy, then has to be placed in Confidential Waste bins/sacks.

Classification Marking: OFFICIAL-SENSITIVE. This will vary depending on the subject area, context and in some cases, any statutory or regulatory requirements.
Document Marking requirements: OFFICIAL-SENSITIVE. Staff should include additional handling guidance on the document/email, e.g. “OFFICIAL-SENSITIVE – For SPOE Team and Police only”.
Storage Requirements: Must be stored in locked cupboards or, if a system, access must be strictly controlled.
Distribution Requirements: Can only be distributed outside of the Council network if the information is password protected and encrypted. Can only be distributed to the agreed people. Any passwords that protect the document must be sent separately. Emails should be sent via the Egress security email system, Secure Enhanced File Transfer Facility or via the GCSX/Government secure network (where appropriate).
Recommended Disposal: From systems in accordance with agreed Retention Policy and, if hard copy, then has to be shredded and placed in Confidential Waste bins/sacks.
11.2 All data copied onto media (USB flash memory, CD, etc.) must be encrypted, provided that the necessary steps have been taken to gain authorisation from the information owner / author.
12. Enforcement Monitoring
12.1 Monitoring of the policies is the responsibility of all managers as part of
their management role. Internal and External Audit may undertake reviews on
a planned and ad-hoc basis as part of the audit plan as agreed by the
Information Governance Board.
13. Information Security Incidents
13.1 The Council has a responsibility to monitor all incidents that occur
within the organisation that may breach the security and/or the confidentiality
of its information. All incidents need to be identified, reported, investigated and
monitored. It is only by adopting this approach that Enfield Council can learn
from its mistakes and prevent losses re-occurring.
13.2 The Council has developed and implemented a Security Incident Response Policy; you should ensure that you read and understand both the policy and your responsibilities under the reporting process. In all cases you should complete the Information Security Incident / Risk Reporting Form, available on Enfield Eye.
13.3 The Council also needs to take action where potential incidents are
identified. Where ‘near misses’ occur, these should be reported to your line
manager and a local decision taken as to whether the cause of the ‘near miss’
is one which could involve the enhancement of the policy or the process. If
this is the case the Information Security Incident / Risk Reporting Form should
be completed.
14. Supporting Policies

This policy should be read in conjunction with the following policies:
- Information Management Strategy
- Staff Information Security Policy
- Records Management Policy
- Data Protection Policy
- Freedom of Information Policy
- Specific Departmental Records Management Policies