For information to be handled properly, employees are required to have a working knowledge of the categorization of information into the three provided categories. Employees should be able to categorize the information before forwarding it further. If at some point, employees are confused about properly categorizing the information, the proper course of action is to classify it as confidential while an appropriate supervisor would later review and properly classify.
Public Data- As the name suggests, such data is usually open to the public and is easily available. Disclosure of such data does not put the firm in any kind of risk. however certain controls are required to be enforced on such data to prevent modification or destruction of the data by unauthorized parties.
Sensitive Data- Data is classified as sensitive data when disclosures of such information publically can result in potential risk for the organization or its people. Such information may be provided to others on a discretionary basis and under the supervision of the data owner.
Confidential Data – Confidential data is the most sensitive data within the organization and unauthorized disclosure of such information can result in significant risk for the firm. The highest level of security and control are applied on such information.
The System Impact level will determine the impact of activities on the system on a scale of one to five with five being the most crucial impact and one having the least crucial impact.