Sri Information Classification Policy
Information Classification Policy
SRI SOFTWARE provides fast, efficient, and cost-effective electronic services for a variety of clients worldwide.
As an industry leader, it is critical for SRI SOFTWARE to set the standard for the protection of information assets from unauthorized access and compromise or disclosure. Accordingly, COMPNAY has adopted this information classification policy to help manage and protect its information assets.
All SRI SOFTWARE associates share in the responsibility for ensuring that
SRI SOFTWARE information assets receive an appropriate level of protection by
observing this Information Classification policy:
- Sri Software Managers or information â€˜ownersâ€™ shall be responsible for assigning classifications to information assets according to the standard information classification system presented below. (â€˜Ownersâ€ have approved management responsibility. â€˜Ownersâ€™ do not have property rights.)
- Where practicable, the information category shall be embedded in the information itself.
- All Sri Software associates shall be guided by the information category in their security-related handling of Sri Software information.
All Sri Software information and all information entrusted to Sri Software from third parties falls into one of four classifications in the table below, presented in order of increasing sensitivity.
Information Category & Description Examples
Information is not confidential and can be made public without any implications for Sri Software. Loss of availability due to system downtime is an acceptable risk. Integrity is important but not vital.
- Product brochures widely distributed
- Information widely available in the public domain, including publicly available Sri Software web site areas
- Sample downloads of Sri Software that is for sale
- Financial reports required by regulatory authorities
- Newsletters for external transmission
Information is restricted to management approved internal access and protected from external access. Unauthorized access could influence Sri Software's operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital.
- Passwords and information on corporate security procedures
- Know-how used to process client information
- Standard Operating Procedures used in all parts of Sri Softwareâ€™s business
- All Sri Software-developed software code, whether used internally or sold to clients
Client Confidential Data:
Information received from clients in any form for processing in production by Sri Software. The original copy of such information must not be changed in any way without written permission from the client. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
- Client media
- Electronic transmissions from clients
- Product information generated for the client by Sri Software production activities as specified by the Client
Sri Software Confidential Data:
Information collected and used by Sri Software in the conduct of its business to employ people, to log and fulfil client orders, and to manage all aspects of corporate finance.
Access to this information is very restricted within the Sri Software. The highest possible
levels of integrity, confidentiality, and restricted availability are vital.
- Salaries and other personnel data
- Accounting data and internal financial reports
- Confidential customer business data and confidential contracts
- Non-disclosure agreements with clients\vendors
- Sri Software business plans