Skip to content
Icono teléfono
+ 34 981 269 685
Foexga

Information Classification Policy

Home    Information Classification Policy

Information Security Policy

Target

The purpose of this Policy is to establish the Information Security guidelines applicable to the classification of information. This policy applies exclusively to information owned by DOCUTEN TECH, S.L. directly or indirectly related to the provision of its services, regardless of the format and support in which it is found (written, electronic, video, voice, etc.).

Content

  • In order to improve productivity, DOCUTEN TECH, S.L. promotes the responsible use of information whether in electronic, paper or communicated format (by telephone, e-mail, etc.).
  • Regardless of the level of classification of the information, the information must always be accessible by DOCUTEN TECH, S.L.’s management.
  • The classification assigned to the information must be periodically reviewed by its owners.
  • The rules established by DOCUTEN TECH, S.L. regarding the classification, marking and treatment of information will be followed.
  • The security measures implemented will take into account the classification criteria and the security requirements established for each criterion.
  • The criteria and levels of classification of the information assets owned by DOCUTEN TECH, S.L. will be established according to their importance for the activity of DOCUTEN TECH, S.L.
  • The information will be classified according to the following criteria:
    • Confidentiality.
    • Integrity.
    • Availability.
  • The Directors of each Area or Department, or those persons to whom they formally delegate this responsibility, are designated as owners of the information.
  • A manager has been designated for each information asset.
  • The owners of the information are responsible for classifying it according to the defined criteria, as well as for defining the different accesses to it.
  • The owners of the assets are responsible for authorizing the use of these assets, establishing the measures they consider appropriate for their protection.

General classification of information

Información TLP:WHITE

(Unrestricted disclosure. Public Information)

Information that does not require protection due to the express wish of DOCUTEN TECH, S.L. to publish it, the requirement of publication by the regulations in force or because its disclosure, whether intentional or accidental, will not entail any type of risk for DOCUTEN TECH, S.L. The information classified as public will be accessible by persons belonging to DOCUTEN TECH, S.L. or external to it. E.g.: Information about services offered by DOCUTEN TECH, S.L.

When to use itHow to share it
TLP:WHITE should be used when the information does not pose any risk of misuse, within the rules and procedures established for its public dissemination.TLP:WHITE information may be distributed without restriction, subject to copyright controls.

TLP:GREEN Information

(Limited disclosure. Information Restricted to a Community).

When to use itHow to share it
TLP:GREEN should be used when the information is useful to all participating organizations, as well as to third parties in the community or industry.Recipients may share information listed as TLP:GREEN with affiliated organizations or members of the same industry, but never through public channels.

TLP:AMBER Information

(Limited disclosure. Information Restricted to Participant Organizations).

Information necessary for the correct performance of the functions and business of DOCUTEN TECH, S.L. which, although requiring protection, will not be classified as TLP:RED and whose disclosure, whether intentional or accidental, may cause small or medium economic losses to DOCUTEN TECH, S.L., will not significantly deteriorate the corporate image, will not infringe on the rights of individuals. Classified information will be accessible by personnel authorized by DOCUTEN TECH, S.L. and may not be transmitted or communicated to anyone outside the group without prior authorization from the owner. E.g.: Telephone directory, company organization chart.

When to use itHow to share it
TLP:AMBER should be used when information requires limited distribution, but poses a risk to privacy, reputation or operations if shared outside the organization.Recipients may share information flagged as TLP:AMBER only with members of their own organization on a need to know basis, and with customers, suppliers or associates who need such information to protect themselves or avoid harm. The issuer may specify additional restrictions for sharing this information.

TLP:RED Information (Limited Disclosure. Confidential Information).

Information whose disclosure, alteration or loss may involve a serious economic loss for DOCUTEN TECH, S.L., a significant deterioration of its public image, directly infringe the right to privacy of individuals or may significantly affect its position in the market or non-compliance with current regulations. Confidential information assets may not, in any case, be publicly accessible and there may be cases in which some users have only temporary access. Permanent or temporary access to confidential information assets must be fully justified and approved. Confidential classified information shall be accessible by a limited and defined group of persons. Exceptional transfer to third parties without prior authorization from the owner of the information is not allowed. E.g.: Strategic plans, economic information.

In addition, information that should be known only to the owner of the information, such as user passwords, cryptographic keys, etc., may not be shared or disclosed. Such secret classified information will not be allowed to be shared or disclosed. Protection measures will be maximized in their generation and subsequent distribution to owners by means of encryption and mechanisms that will make it possible to discover whether they have been tampered with(tamper proof). Extreme security will be maintained in its storage (irreversible encryption of passwords, separation into parts and allocation of key rings for master keys…).

When to use itHow to share it
TLP:RED should be used when the information is limited to specific individuals, and could impact privacy, reputation or operations if misused.Recipients must not share information designated as TLP:RED with any third party outside of the area where it was originally exposed, except for