APPENDIX A
PDF Summary
The document sets out Oakleaf's Data Classification and Handling Guidelines, part of its Information Security Program. It defines four classification levels, from most to least sensitive: Restricted, Confidential, Private, and Public.

1. Restricted Data is the most sensitive level and is usually governed by external legal or contractual requirements. It covers Personally Identifiable Information (PII) and Non-Public Information (NPI) such as social security numbers, passport numbers, and loan files. Unauthorized disclosure could cause significant damage, including legal penalties and reputational harm. Handling controls are strict: encryption at rest and in transit, no storage on mobile devices or in cloud services, restrictions on printing, faxing, and copying, mandatory labeling, and approval plus an NDA before any third party is given access.

2. Confidential Data is sensitive information designated as such internally, for example employee PII and accounting, payroll, and financial data. Loss could cause moderate damage. Handling requires encryption at rest and in transit, restricts storage on mobile devices, bans faxing, controls printing and copying, requires certified mail for physical documents, and requires the asset owner's approval for sharing with third parties, with an NDA recommended.

3. Private Data is information that Oakleaf owns or has been entrusted with and that is not intended for public release because of its potential business impact; examples include general employee contact details and some financial data. Compromise would cause minimal damage. Recommended handling includes encryption at rest and in transit, marking internal mail, shredding on disposal, and NDAs for third-party access; printing and copying are less restricted.

4. Public Data can be shared freely inside and outside the organization without risk. It carries no special handling requirements beyond recommended email encryption and, where applicable, labeling with a release date.
General practices: all data defaults to Private unless it is classified otherwise, and when data of different classifications is combined, the most restrictive classification applies to the combined set. Client-specific handling requirements apply in addition to these guidelines. The document also lists specific examples of data under each classification, covering client data, employee information, marketing plans, financial records, and IT credentials, so that the common data types are all covered. Exceptions and access rights are approved by designated executives. The guidelines are aligned with ISO 27002 and NIST SP 800-53 and include a revision history and sign-offs by Oakleaf's CEO and CISO.
Keywords
Data Classification
Information Security
Restricted Data
Confidential Data
Private Data
Public Data
Data Handling Guidelines
PII
NDA
ISO 27002