Information Classification and Handling Policy

Effective Date : 8 Jan 2021
Version: v1.0


Purpose

The aim of the policy is to ensure that information is appropriately protected from loss, unauthorised access, or disclosure. This policy helps to facilitate the identification of information to support routine disclosure and active dissemination of information. It also helps to protect the intellectual property of Workforce Cloud Tech, Inc.

Scope

This policy applies to all of our information, irrespective of the data location or the device it resides on. It should be used by all our employees and any third party working on our behalf who have access to IT assets of Workforce Cloud Tech, Inc.

Accountabilities

  • All personnel - Responsible
  • Legal - Responsible, Accountable, Consulted
  • Executives - Responsible, Accountable, Consulted
  • Security - Responsible, Consulted

Requirements

All Workforce Cloud Tech, Inc. personnel with questions about the information classification of a specific data element or information asset shall contact the Information Security Department.

Workforce Cloud Tech, Inc. categorizes information into four classes: Confidential, Product / Process / Department specific, Internal, and Public.

1) Confidential

The information assets which have high confidentiality value belong to this category. Only a limited set of authorized users shall access these information assets.

Examples

1) Sensitive personal information about customers
2) Financial account numbers, credit or debit card numbers, and other financial information
3) Individual credit data, such as credit scores, credit card debt, or hard inquiries, that is tied to name, account numbers, or other identifying information
4) Data "en masse," such as ALL customer names or ALL phone numbers
5) Passwords, PINs, access codes, security codes
6) Employee records, Corporate financial information, Network diagrams and other system information

2) Product / Process / Department specific

The information assets that contain data pertaining to the needs of a specific department, project team, or business process, belong to this category. Such information assets shall be accessible to members of the concerned department, project, or business process only.

3) Internal

The information intended for Workforce Cloud Tech, Inc. use only and Non-public information that does not reach the sensitivity of Confidential

Examples

1) Usage information about customer actions on the Workforce Cloud Tech, Inc. site, such as viewing a page, trying to sign up, or accepting a credit card offer, in conjunction with identifiable information
2) Publicly posted content, such as customer reviews on an item and Contracts

4) Public

The information assets which do not have any confidentiality requirement and / or can be disseminated to the general public belong to this category.

Examples

1) Customer information that is publicly available or in an aggregate form that cannot be identified to a particular individual
2) Job postings
3) Blog Posts
4) Corporate contact information
5) Public facing web pages

Following are the policies for secure handling of information assets of Workforce Cloud Tech, Inc.

1) Handling and labeling of all media shall be according to its indicated classification level.

2) Depending on the classification of information, electronic transmission, copying and distribution of copies of such information, shall require prior approval of Information Security Department as applicable.

3) Mailing or shipment of confidential information shall require that information be sent through a reputed mail service with proper authentication.

4) Confidential information shall be stored with proper security.

5) Disposition of confidential and Product / Process / Department specific information shall require shredding in the presence of  CEO/ Directors/ VPs/ Process In-charge, as applicable.

6) Appropriate access restrictions shall be applied to prevent access from unauthorized personnel.

7) Information processing operations shall ensure the following: that input data is complete, that processing is properly completed, and that output validation is applied.

Verbal Communication

Personnel shall use caution when discussing Confidential or Internal information in public locations, and shall not leave Confidential or Internal Information in voice mails

Off-Site Assets

Personnel shall not leave Workforce Cloud Tech, Inc.  Internal or Confidential information assets unattended in public locations.

Facsimile Machines ​

Internal and Confidential information may not be sent via facsimile (fax) machines.

Enforcement

Any employee found to have violated this policy may be subjected to disciplinary action in line with the HR Policy / Staff Regulation Act of Workforce Cloud Tech, Inc..