Information Asset Classification
Purpose and Objectives
The purpose of statewide Information Asset Classification policy 107-004-050 (effective 7/30/2007) is to ensure State of Oregon information assets are identified, properly classified, and protected throughout their lifecycles. Information, like other assets, must be properly managed from its creation to disposal. As with other assets, not all information has the same value or importance to the agency and therefore information requires different levels of protection. Information asset classification and data management are critical to ensure that the state’s information assets have a level of protection corresponding to the sensitivity and value of the information asset.
 
The provisions of the policy collectively apply to all information assets, including but not limited to paper, electronic, and film. The term “information asset” is not used within this framework to refer to the technology that is used to store, process, access and manipulate the information.
 
The objective of the information asset classification initiative is to develop and implement processes that allow an agency to continually assess and classify its information assets and provide information asset classification plans for assessment purposes. Information asset classification allows an agency to:
  • Continually assess what types of precautions must be taken to ensure the confidentiality, integrity, and availability of its information assets related to their value.
  • Collect documentation on its information assets:
    • Compliance requirements
    • Information owner
    • Associated business function, such as business continuity planning
    • Archive and retention requirements
A Community of Practice, consisting of representatives from eight state agencies, developed a suite of agency resources and identified other tools and best practices that may assist agencies as they undertake this initiative. These documents and resources are linked below.

Agency Resources
Resources created by the Information Asset Classification Community of Practice

  • Information Asset Classification policy -- revised (PDF)
  • Information Asset Classification methodology (Word)
  • Awareness materials for managers (PowerPoint)
  • Awareness materials for employees (PowerPoint)
  • Information Forum presentation (1/30/2008) (PowerPoint)

Tools

  • Information Asset Classification strategy model (PowerPoint)
  • Sample methodologies (Word)
  • Risk Assessment Tool (Word)
  • GSA E-Authentication Risk and Requirements Assessment Tool (PDF)
  • Definitions, Examples, Handling matrix (Word)
  • Threats and Security Concerns matrix (Word)
  • Sample Information Asset List (Word)
  • Dept. of Homeland Security Privacy Impact Assessment (PDF)
  • Dept. of Homeland Security Privacy Threshold Analysis (PDF)
  • Dept. of Homeland Security Privacy Impact Assessment Template (PDF)

Agency Provided Material
  • PERS - Acceptable Use Policy (PDF)
  • PERS - Acceptable Use of Information Systems Exception Request form (PDF)
  • PERS - Release of Sensitive Information Policy (PDF)

Other Resources
Resources created by other entities

  • Information Security Oversight Office -- Classified National Security Information Basics
    • Original Classification Authority -- Provides Federal requirements of who classifies and how to classify
    • Derivative Classification -- Provides Federal requirements when using portions of previously classified information in a new document
    • Marking Classified National Security Information -- Provides Federal requirements for labeling
    • Safeguarding Classified Information -- Provides Federal safeguard requirements