Information Classification Policy
Ambassify provides fast, efficient, and cost-effective electronic services for a variety of clients worldwide. As an industry leader, it is critical for Ambassify to set the standard for the protection of information assets from unauthorized access and compromise or disclosure. Accordingly, Ambassify has adopted this information classification policy to help manage and protect its information assets.
All Ambassify associates share in the responsibility for ensuring that Ambassify information assets receive an appropriate level of protection by observing this Information Classification policy:
- Ambassify Managers or information ‘owners’ shall be responsible for assigning classifications to information assets according to the standard information classification system presented below. (‘Owners” have approved management responsibility. ‘Owners’ do not have property rights.)
- Where practicable, the information category shall be embedded in the information itself.
- All Ambassify associates shall be guided by the information category in their security-related handling of Ambassify information.
All Ambassify information and all information entrusted to Ambassify from third parties falls into one of four classifications in the table below, presented in order of increasing sensitivity.
Ref | Category | Description |
---|---|---|
L1 | Public | Information is not confidential and can be made public without any implications for Ambassify. Loss of availability due to system downtime is an acceptable risk. Integrity is important but not vita
|
L2 | Internal | Information is restricted to managementapproved internal access and protected from external access. Unauthorized access could influence Ambassify’s operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital.
|
L3 | Confidential | Information collected and used by Ambassify in the conduct of its business to employ people, to log and fulfill client orders, and to manage all aspects of corporate finance. Access to this information is very restricted within the company. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
|
L4 | Restricted | Information received from clients in any form for processing in production by Ambassify. The original copy of such information must not be changed in any way without written permission from the client. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
|