Document labelling¶
Background¶
In Fortytwo we have the following principles when labelling documents and data.
This section only focus on classification of information based on the informations sensitivity and the intended audience. We will not handle protection of the infomation in this section, protection will build on the label definition, usage guidelines and the systems Fortytwo use.
Open / Green¶
Information available to all audience, with no documents specific access restrictions. Information labelled with this classification present no risk to Fortytwo if information is shared outside Fortytwo organisation.
Examples of information in this class
- Information published to docs.fortytwo.io
- Product and services datas sheets
- Security heads-up and briefings to customers
Internal / Amber¶
Information intended for members of Fortytwo organization only. Information in this class should not be shared outside of Fortytwo information domain, however - the information in this class would not present financial or legal risk if shared outside of Fortytwo information domain.
Examples of information in this class
- Product documentation
- All work in progress for employees, except work needing Confidential label
- Financial information, like billable hours for engineers, monthly summaries and budgets
Confidential / Red¶
Information limited to individual recipients, which can be both internal or external to Fortywo. Confidential / Red is to be used if the information needs to secured as instructed by laws or regulations, or if its content could damage Fortytwo either financially or through loss of reputation.
Examples of information in this class
- Business strategic information
- New products in development, but not public
- Security incident handling with customers
- Information containing PII for employees