Document marking policy
The MRC uses the Government security classification system to classify and protect the information we handle. By marking documents and emails, simply and clearly, the scheme provides a common baseline for safeguarding information. This page provides guidance on the MRC information marking scheme for those generating, handling or receiving information.
The scheme is straightforward, risk-based approach to the way that we classify and protect information, whether in transit, at rest or whilst being processed. It puts the onus on the individual employee to take responsibility for the information they manage.
How we handle information
In line with the information marking scheme, we expect everyone handling information, regardless of its source to comply with the scheme. In summary this means we:
- Handle, use and transmit with care
- Take basic precautions against accidental loss or compromise, opportunist or deliberate attack
- Dispose of information sensibly by destroying it in a manner to make reconstruction unlikely
- Ensure that statutory and regulatory obligations are fulfilled
Further information relating to how information is handled based on the protective marking can be found in Handling information (PDF 97KB) (PDF, 97KB).
What the markings mean
Each of the classifications we use provides a baseline set of controls that offer an appropriate level of security and protection.
The majority of information that is received, created, processed, generated, stored or shared within MRC is classed as OFFICIAL, unless otherwise marked. There is no requirement to mark routine OFFICIAL information but we will mark information in some cases to provide instructions to anyone using the information, including external organisations, and to indicate that we have considered how the information should be handled.
OFFICIAL – SENSITIVE
Information that is of a particularly sensitive nature is marked OFFICIAL - SENSITIVE. This marking is only be used in limited circumstances primarily when such information is distributed on a “need to know” basis.
We do not use the additional descriptors, but staff are aware of their existence and meaning. The additional descriptors used under the Government scheme apply to OFFICIAL – SENSITIVE information and are PERSONAL, COMMERCIAL and LOCSEN.
Handling instructions and tag
OFFICIAL – Treat In Confidence or OFFICIAL-SENSITIVE – Treat In Confidence
We use one handling tag and may also provide handling instructions. The handling tag ‘treat in confidence’ is used to identify information which should be handled with additional care, and not be forwarded without further consideration. External recipients should be assured that such information will be treated confidentially, and equally they are expected to handle the information accordingly.
Other handling instructions may be found in the introductory text or main body of the document or e-mail, for example to define a specific recipient group.
SECRET and TOP SECRET
These classifications apply to highly sensitive information requiring heightened protective measures.
We do not expect to handle much SECRET or TOP SECRET information in the course of our work, and employees are advised to contact the IT Security Officer for advice.
For further information on our protective marking scheme please contact our Information Security Officer at firstname.lastname@example.org.