Data classification model

Level 0: Public information

Information which is in the public domain, and where disclosure is not harmful to AAU.
 


    Level 0: Examples

    Typical information:

    • AAU’s website, www.aau.dk etc.
    • Study descriptions
    • News articles
    • Books
    • Research data (open data)
    • Research reports

    General personal data, including:

    • Employee master data (name, title, telephone no.)
    • Affiliation with institutions

    Level 0: Labeling

    No requirements


    Level 0: Access

    ELECTRONIC AND PHYSICAL

    No requirements


    Level 0: Storage

    ELECTRONIC AND PHYSICAL

    No requirements


    Level 0: Sending

    ELECTRONIC

    No requirements

    PHYSICAL

    No requirements

Level 1: Internal information

Information which only users with a purely work-related need may and can have access to, and where a breach of confidentiality will have no or a low impact for AAU, private individuals or partner(s).


    Level 1: Examples

    Non-sensitive personal data, including:

    • Master data (name, telephone no., address, date of birth)
    • Information on education, statements, course certificates and work tasks
    • Information on salary, tax, pension and current account number
    • Driving licence no. and type
    • Nationality
    • System user information
    • Information about illnesses and absences (periods of absence only, not treatment, diagnosis or reason for absence)
    • Participation in classes/courses/groups and subjects 

    Typical information:

    • Rotas
    • System configuration
    • Departmental budget
    • Purchase agreements
    • Teaching materials
    • Research data
    • Minutes of meetings and/or agendas

    Level 1: Labeling

    Information must be labelled so that it is protected against unintentional disclosure.

    Documents must be labelled, as a minimum, on the cover sheet.

    Where labelling is not possible, the classification must appear from the file or folder name.


    Level 1: Access

    ELECTRONIC AND PHYSICAL

    Electronic access to information must be protected by a password, PIN or similar (e.g. fingerprint, facial recognition) on the device, and access must be needed for work-related purposes.

    System access to the device must be locked after five minutes of inactivity. 


    Level 1: Storage

    ELECTRONIC

    On AAU-approved solutions and hardware, such as network drives etc., or approved via AAU-approved data processing agreement, AAU non-disclosure agreement or equivalent.

    PHYSICAL

    Stored so that no unauthorised persons can view or access the content. For example, in a locked office, a locked cabinet, box or the like.


    Level 1: Sending

    ELECTRONIC

    It is recommended that internal data be encrypted before transmission. In addition, senders must ensure that the recipient is aware of the rules governing the processing of the information received. 

    PHYSICAL

    May be sent internally in an internal circulation envelope or by ordinary mail (sealed envelope).

    Ensure the recipient is aware of the rules governing the processing and disposal of AAU information.

Level 2: Confidential information

Information which only users with a purely work-related need may and can have access to, and where a breach of confidentiality will have semi-serious impacts for AAU, private individuals or partner(s).


    Level 2: Examples

    Inventions and research which can be exploited commercially with a value in excess of DKK 1,000,000.

    Research applications with a value for AAU in excess of DKK 1,000,000.

    Research data with potential negative impacts.

    Personal data, including:

    • Civil registration (CPR) numbers
    • Employees’ home address, private email, private telephone no. and other private information
    • Driving licence photograph
    • Personality test
    • Divorce
    • Adoption
    • Alcohol and drug testing
    • Registration of cheating at exams
    • Grades, marking etc.
    • Significant social problems and family matters

     


    Level 2: Labeling

    Information must be labelled so that it is protected against unintentional disclosure.

    Physical documents must be labelled on each page/field of view and must have a cover sheet which does not contain any confidential information.

    Information that cannot be labelled must always be stored in systems which clearly display its classification.

    In so far as is possible, electronic labelling must take place at metadata level.


    Level 2: Access

    ELECTRONIC AND PHYSICAL

    Electronic access requires authentication with AAU account information and must be needed for work-related purposes.

    System access must be locked after 5 minutes of inactivity. 

    System access must be logged.

    Data exports from the system must be logged.


    Level 2: Storage

    ELECTRONIC

    Storage may only ever take place on AAU-approved hardware or by partners with whom an AAU-approved data processing agreement for the storage of confidential data has been made.

    Where the data storage medium is publicly accessible, for example in the case of portable media, the medium must be encrypted with strong encryption.
    In connection with workflows involving recording devices, for example, the data must be transferred to encrypted devices as soon as possible and always within seven working days at the latest.
    Approved forms of encryption are determined by CISO.

    Where the storage medium is physically protected in, for example, a server room, administrator access and access to the server room must be logged.

    PHYSICAL

    Stored so that no unauthorised persons can view or access the content in a locked office, a locked cabinet, box or the like.

    All materials to be disposed of must be security shredded.

    Use the ‘Follow You’ print system to print documents.


    Level 2: Sending

    ELECTRONIC

    Information may only ever be forwarded/disclosed to business partners when a legal basis for such transfer exists (data processing agreement, disclosure, etc.).

    Information may be sent unencrypted in AAU networks.

    Information may be sent via encrypted channels where encryption is guaranteed end-to-end, outside the AAU networks.

    Data sent on portable media must be encrypted.

    CISO maintains a list of permissible forms of communication and lays down tunnel encryption requirements.

    PHYSICAL

    May be sent internally in a sealed envelope for the attention of the named recipient or delivered by hand; however, must not be taken on public transport such as buses and trains.

Level 3: Sensitive information

This is information which, by virtue of its personal, technical, commercial or competitive nature and sensitivity, must be protected against unintentional access and disclosure.


    Level 3: Examples

    Inventions and research which can be exploited commercially with a value in excess of DKK 5,000,000

    Research applications with a value for AAU in excess of DKK 5,000,000

    Research documentation involving sensitive data

    Sensitive personal data:

    • Race or ethnic origin
    • Political/religious or philosophical beliefs
    • Data concerning health
    • Sexual relations or orientation

    Level 3: Labeling

    Information must be labelled so that it is protected against unintentional disclosure.

    Physical documents must be labelled on each page/field of view and must have a cover sheet which does not contain any sensitive information.

    Information that cannot be labelled must always be stored in systems which clearly display its classification.


    Level 3: Access

    ELECTRONIC AND PHYSICAL

    Electronic access requires authentication with AAU account information as well as two-factor validation outside the AAU network.

    System access must be locked after 5 minutes of inactivity. 

    The account must be protected against brute force/password-guessing attacks through locking of the account after 10 failed login attempts within 10 minutes.

    Access to the system must be logged (including administrator access).
    Access (display) to information must be logged at field level (both electronic and physical).

    Changes to data must be logged.

    The exporting of data must only ever be to systems with explicit integration and where a defined purpose of such exports exists, approved by CISO.

    Information must not be visible to anybody but the processors, who must consider the physical environment, including other people being able to see their monitor(s).

    Information access must be checked every six months. Inspection reports must be filed in the ISMS system.

    Processing must be performed by users who are specially entrusted and trained in the processing of the information.


    Level 3: Storage

    ELECTRONIC

    Storage may only ever take place on AAU-approved hardware or by partners with whom an AAU-approved data processing agreement for the storage of confidential data has been made. When stored on portable media, data must be encrypted with strong encryption.

    Sensitive information must not be stored on desktop media with public access, and access to the storage media must be physically restricted to authorised personnel. Access to the area must be logged. This applies, for example, to server rooms.

    When stored on portable media, data must be encrypted with strong encryption. In connection with workflows involving recording devices, for example, the data must be transferred to encrypted devices as soon as possible and always within seven working days at the latest. Approved forms of encryption are determined by CISO.

    Information may only ever be stored in dedicated systems specifically designed for handling sensitive information.

    The system must be updated with the latest security updates no later than 14 days after such security updates are made available.

    The system must be supported by the manufacturer or supplier.

    Administrator access to the system must be subject to the same logging requirements as for access.

    In connection with the discarding of media, electronic wiping and shredding must take place in such a way that the information cannot be recovered.

    PHYSICAL

    Must be stored in a physical folder, which clearly states the classification level.

    Stored so that no unauthorised persons can view or access the content in locked security cabinets/boxes or the like at AAU locations.

    All materials to be disposed of must be security shredded. Disposal must be logged.

    Use the ‘Follow You’ print system to print documents.


    Level 3: Sending

    ELECTRONIC

    Information may only ever be forwarded/disclosed to business partners when a legal basis for such transfer exists (data processing agreement, disclosure, etc.).

    Data must be sent via encrypted channels, where confidentiality is guaranteed by AAU or the recipient.

    Data sent via open channels, or channels owned by third parties, must be data-encrypted.

    Data transported on portable media must be encrypted.

    Approved forms of encryption are determined by CISO.

    PHYSICAL

    Information may only ever be forwarded/disclosed to business partners when a legal basis for such transfer exists (data processing agreement, disclosure, etc.).

    Sensitive documents must be sent in a sealed envelope, either by registered mail or by courier. Receipt and dispatch must be logged.