Document labelling¶
Background¶
Fortytwo Technologies principles in regards to information protection and document labelling
This section only focus on classification of information based on the informations sensitivity and the intended audience. We will not handle protection of the infomation in this section, protection will build on the label definition, usage guidelines and the systems Fortytwo use.
Public¶
Information available to all audience, with no specific access restrictions. Information labelled with this classification present no risk if information is shared outside Fortytwo Technologies organisation.
Examples of information
- Information published to docs.fortytwo.io
- Product and services datas sheets
- Security
- General security briefings and heads-up to customers
- How-tos and guides with no customer specific information
Standard¶
Information intended for members of Fortytwo Technologies organization only. Information in this category should not be shared outside of Fortytwo information domain, however - the information in this class would not present financial or legal risk if shared outside of Fortytwo information domain.
Examples of information
- Product documentation
- Internal guidelines, code of conduct or employee benefits
Restricted¶
Information limited to named recipients, which can be both internal or external to Fortywo Technologies. Restricted is to be used when the information needs to be secured as instructed in laws or regulations, or if its content could be damaging Fortytwo technologies, either financially or through loss of reputation.
Examples of information
- Business strategic information
- Security incident handling with customers
- Customers system documentation
## GDPR ##
Data and information which is subject to protection under GDPR, this includes both basic basic information like names and addresses, but also more sensitive categories, such as special categories of personal data which reveal racial or ethnic origin, political or religious beliefs, trade union membership, genetic or biometric data, and data concerning health, sex life, or sexual orientation
- Information containing PII for employees
- Name, address, date of birth, and telephone number
-
- Identification numbers like Social Security Numbers or passport numbers
- IP adresses, online cookies, and other online identifiers
- Location data
- Images and videos
- Financial information
- School or employment records