Page 42 - Ipsos
P. 42

Information Classification: Internal Use
                                                                      Ipsos Book of Policies & Procedures

                   TABLE OF CONTENTS

                   1.0    Summary .............................................................................................................................. 3
                   2.0    Purpose and scope ............................................................................................................... 3
                          2.1    Objectives ................................................................................................................ 3
                          2.2    Core Principles ........................................................................................................ 4
                          2.3    Scope ....................................................................................................................... 4
                          2.4    Applicability .............................................................................................................. 5
                   3.0    Responsibilities ..................................................................................................................... 5
                          3.1    Communication and Maintenance Responsibilities ................................................. 5
                          3.2    Assets owners responsibility ................................................................................... 5
                          3.3    Violation ................................................................................................................... 7
                   4.0    Information Classification and Labelling Policy .................................................................... 7
                          4.1    Information Classification Policy .............................................................................. 7
                          4.2    Information Labeling Policy ..................................................................................... 8
                   5.0    Information Handling Policy .................................................................................................. 8
                          5.1    Access, Storage and Control of Strictly Confidential Information............................ 8
                          5.2    Transmission of Internal (Non Public) and Strictly Confidential Information to
                          another organization ............................................................................................................. 9
                          5.3    Transmission of Public Information ......................................................................... 9
                          5.4    Encryption Key Management ................................................................................ 10
                                 5.4.1   Scope........................................................................................................ 10
                                 5.4.2   Key owners ............................................................................................... 10
                                 5.4.3   Algorithms and key size............................................................................ 10
                                 5.4.4   Maintenance guidelines ............................................................................ 10
                   6.0    Information Retention Policy............................................................................................... 11
                          6.1    General Retention Policy ....................................................................................... 11
                          6.2    E-Mail data and account Retention Policy ............................................................. 15
                                 6.2.1   Records, Financial Records, Legal Records and Vital Records retention 15
                                 6.2.2   E-Mail data and account retention ............................................................ 15
                                 6.2.3   E-mail account management .................................................................... 17
                                 6.2.4   Legal Hold and internal investigation ....................................................... 17
                   7.0    Information Destruction Policy ............................................................................................ 18
                          7.1    Degaussing ............................................................................................................ 19
                          7.2    Hard Disk and Media Storage ............................................................................... 19
                          7.3    Media Destruction Standards ................................................................................ 19
                          7.4    Hard Disk Wipe Standards .................................................................................... 19
                   Appendix 1 - Definitions and Abbreviations ..................................................................................... 20















                                                   Page 2 of 22
   37   38   39   40   41   42   43   44   45   46   47