LUL - S1782
Information Security Classification
| Organization: | LUL |
| Publication Date: | 1 August 2022 |
| Status: | active |
| Page Count: | 17 |
Scope
This standard is consistent with TfL's information governance policies (including but not limited to the Information Security Policy, Information and Records Management Policy and Privacy and Data Protection Policy).
The standard also complies with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR) covering the secure storage and transmission of data.
The classification scheme outlined in this Standard does not apply to information received by TfL which is protectively marked in accordance with the Government Security Classification Policy issued by the Cabinet Office. Such information must be managed in accordance with the Government Security Classification Policy. Detailed guidance on data handling in accordance with that Policy will be made available to TfL Personnel who handle such information.
The provisions of this Standard will not, as a rule, be applied retrospectively but will come into force from the date on which the Standard is issued.
This standard includes:
a) A description of the classes of information which require protective marking for security purposes.
b) Notes on the potential impact on TfL of accidental or deliberate compromise of the various classes of information.
c) Examples of information covered by each security classification.
d) Summary guidance on the storage, circulation and disposal of the various classes of information. More detailed requirements for the secure handling of information are included in the Appendix to this Standard.
Purpose
This TfL standard sets out an information security classification scheme covering information and records, in all formats, held by TfL.
The objectives are to:
(a) Improve the reliability of, and confidence in, the security of our stored information
(b) Reduce information risk, including the likelihood of security incidents or data breaches
(c) Clarify the categories of information which require secure handling
(d) Reduce the burden of determining which information requires secure handling.
This standard is designed to:
a) Provide clear guidelines to all TfL Personnel on minimum security standards for the information they manage
b) Provide a set of standard requirements for managing information in accordance with its defined security classification
c) Provide a set of classifications which TfL Personnel must use when labelling unpublished information
Document History