Information Classification Policy

Policy date: 9/8/2024

Introduction

WebPeak recognizes the importance of protecting corporate information according to its value, criticality and sensitivity. To ensure that information is properly protected, it is essential that it is classified in a systematic and consistent manner. This policy defines the information classification process at WebPeak, ensuring that information is treated according to its legal requirements, value to the business, and the need to protect against modification or unauthorized disclosure.

Objective

The purpose of this policy is to establish clear guidelines for the classification of WebPeak's information in order to ensure that the information is adequately protected against the risks of unauthorized modification, disclosure, access or destruction. The policy aims to ensure compliance with legal, regulatory and contractual requirements, as well as preserving the integrity and confidentiality of corporate information.

Scope

This policy applies to all information generated, processed, stored or transmitted by WebPeak. It includes, but is not limited to:

  • Physical and electronic documents.
  • Data stored in databases, systems and storage devices.
  • Information transmitted by e-mail, communication applications or other digital means.
  • Information on customers, partners, suppliers and employees.

Information Classification Guidelines

Classification categories

WebPeak information will be classified into one of the following categories, based on its value, sensitivity and legal requirements:

  • Public: Information intended for the general public, with no restrictions on access or disclosure. Examples: marketing materials, information available on the company's public website.
  • Internal: Information for internal use that should not be disclosed outside WebPeak. Although not highly sensitive, access should be restricted to necessary employees and partners. Examples: internal policies, operating procedures.
  • Confidential: Information that, if disclosed, could negatively impact WebPeak or its customers. Access is restricted to authorized individuals who need this information to perform their duties. Examples: internal financial reports, customer contracts, employees' personal information.
  • Restricted: Highly sensitive information that requires the highest level of protection. Access is extremely limited and strictly controlled. Examples: intellectual property data, strategic business plans, critical customer information.

Classification Criteria

The classification of information will be based on the following criteria:

  • Business Value: The importance of information to WebPeak's operations, including its financial and operational impact.
  • Legal and regulatory requirements: The need to protect information to comply with laws, regulations and contractual obligations.
  • Criticality: The importance of information for business continuity and its dependence on critical operations.
  • Sensitivity: The potential impact of modification, loss or unauthorized disclosure of information, including damage to the reputation and trust of customers and partners.

Labeling and Information Processing

All classified information must be labeled according to its classification category. The label must be clearly indicated on physical and electronic documents, databases and IT systems. The information must be handled according to the guidelines established for each category, ensuring that appropriate security measures are applied, such as encryption, access control and monitoring.

Reviewing and Updating the Classification

The classification of information must be reviewed periodically, or whenever there are significant changes in its value, criticality or legal requirements. The review can be initiated by requests from information owners or by internal information security audits.

Responsibilities

  • Information Owners: Responsible for classifying the information in their custody and ensuring that it is properly labeled and protected.
  • IT team: Responsible for implementing and managing the technical controls needed to protect information according to its classification.
  • Information Security Management: Responsible for providing guidance on the classification of information and auditing compliance with this policy.

Training and Awareness

All WebPeak employees will receive training on the importance of information classification and their responsibilities for the secure handling of information in accordance with the policy. Ongoing awareness programs will be carried out to ensure compliance with classification practices.

Policy Review

This policy will be reviewed annually or whenever there are significant changes in the company's operations, legal requirements or the threat environment. Any revisions will be approved by senior management and communicated to all relevant employees.

Approved by

Marcos Vinicius Custódio
Legal Responsible