Skip navigation to content

Information Classification Policy

Implementing the Information Classification Policy

This implementation guide must be read and used in conjunction with the University Information classification policy.

In general, the classification given to information and the associated protective marking label that is applied, is a shorthand way of signalling how information is to be handled and protected.
This guide:

  • Provides guidance and tips on how to classify information accurately and consistently;
  • Details when information should not be classified;
  • Details how protective marking labels should be applied to physical and electronic documents;
  • Details how information (in physical and electronic formats) is to be handled and managed depending on its classification i.e.
    • Secure use;
    • Storage;
    • Transmission and
    • Destruction.
  • Advises where further help and advice is available.

Implementing the Information Classification Policy (PDF, 336 KB)

Information Classification Policy

The protection of information and/or data through the application of an information classification system (sometimes referred to as protective marking) is one of the oldest and arguably most effective regimes available for the protection of sensitive information.


Clearly labelling information to alert people to its inherent level of sensitivity and/or confidentiality, against a predefined scale is primarily designed to help ensure that materials are only made available to those persons with a legitimate right of access. Protective markings stipulate how an organisation expects information to be protected and managed during its use, while information retains a particular classification. In that regard, an information classification will also determine how information should be handled, stored and disposed. Where the corresponding protection requirements are followed the likelihood that confidentiality will be breached should be reduced. In addition, organisations should be able to demonstrate to the UK Information Commissioner that policy and procedures are in place to reduce the likelihood of information and/or data loss. The Commissioner expects that organisations take proactive measures to reduce the likelihood of data breaches occurring.


Protective marking has traditionally been used by Government, law enforcement agencies and the military. Given the requirement to protect personal and sensitive personal data (as defined by the Data Protection Act 1998 (“the DPA”)), more public sector and commercial organisations are implementing information classification schemes as part of an information

Information Classification Policy (PDF, 350 KB)

Quick answers

See if your question is answered in our quick answers.

Contact the IT Service Desk

Log a call using IT Self-Service

itservicedesk@st-andrews.ac.uk
(01334 46) 3333
 Message us on Skype for Business
(Mon - Fri, 09:00 - 17:00)

Level 2
University Library
North Street
St Andrews
Fife KY16 9TR

Opening Hours
Mon - Fri
: 08:30-18:00
(front desk support
from 09:00)

Sat: 10:00-17:00
Sun: 11:00-18:00

The IT Service Desk is closed
for staff training on Fridays
between 09:30 and 10:30