Information Classification Policy
Last updated: January 20, 2023

Scope

  • This policy sets out ZORA COMMUNICATIONS' arrangements for ensuring that information is classified in terms of legal requirements, value, criticality and sensitivity to unauthorized disclosure or modification.

Responsibilities

  • Zora Communications performs various internal vulnerability scans and package monitoring on a constant basis.
  • Zora Communications also performs external vulnerability scans/penetration tests periodically.

Reporting

  • This activity is carried out by knowledgeable staff from all levels and parts of the organization involved in the process.
  • CISO
  • Manager & Team-leads
  • Staff

Monitoring for Vulnerabilities

  • The terminology used to classify information in ZORA COMMUNICATIONS is as follows.
    • Public
    • Internal
    • Company Confidential
    • Client Confidential
    We ensure the appropriate protection of all information listed in the Information Asset Inventory by classifying information according to the following scheme and then applying the appropriate controls.

Classification: Public
  Description:
  1. Information that is not confidential and can be made public without any material implications.
  2. Loss of availability due to system downtime is an acceptable risk.
  3. Integrity is important but not vital.
  Examples:
  1. Product brochures
  2. Information widely available in the public domain, including our publicly available web site areas
  3. Financial reports required by regulatory authorities
  4. Newsletters for external transmission

Classification: Client Confidential
  Description:
  1. Information collected and used by us in the conduct of our business to employ people, to log and fulfill client orders, and to manage all aspects of corporate finance.
  2. Access to this information is highly restricted within our organization.
  3. The highest possible levels of integrity, confidentiality and availability are vital.
  Examples:
  1. Client media
  2. Electronic transmissions from clients
  3. Product information generated by us for the client

Classification: Company Confidential
  Description:
  1. Information collected and used by us in the conduct of our business to employ people, to log and fulfill client orders, and to manage all aspects of corporate finance.
  2. Access to this information is highly restricted within our organization.
  3. The highest possible levels of integrity, confidentiality and availability are vital.
  Examples:
  1. Salaries and other staff data
  2. Accounting data and internal financial reports
  3. Confidential customer business data and confidential contracts
  4. Non-disclosure agreements with clients/vendors
  5. Company business plans

  • Where practicable, the information category shall be embedded in the information itself.

Breach of Policy

  • Employees will be subject to appropriate disciplinary action, up to and including dismissal, for knowingly or unknowingly revealing information of a confidential nature. The Company will enforce this policy in accordance with all applicable federal, state, and local laws.

Records

  1. Acceptable Use Policy
  2. Appointment letter
  3. Asset & Access Inventory Register