Document Feedback - Review and Comment
Step 1 of 4: Comment on Document
How to make a comment?
1. Use this to open a comment box for your chosen Section, Part, Heading or clause.
2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.
3. Do not open more than one comment box at the same time.
4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.
Important Information
During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will receive a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:
-
DO NOT jump between web pages/applications while logging comments.
-
DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.
-
DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.
-
DO NOT exit from the interface until you have completed all three stages of the submission process.
(1) The Information Asset Classification Policy provides direction for University users to label their information according to its sensitivity. (2) This Policy acknowledges and aims to safeguard the University's information systems as crucial assets, ensuring their integrity, security and constant availability. (4) For the purposes of this Policy, the following definitions apply: (5) A risk-based approach to information security and information sharing requires clear oversight of the University’s information assets. Information classification is a responsibility shared by the entire business. Integrating information classification into all areas of the business, with full corporate oversight, ensures that information classification is properly planned, implemented, and resourced according to business needs and risk appetite. (6) In-line with the NSW Government Information Classification, Labelling and Handling Guidelines and the Australian Government’s Protective Security Policy Framework, it is important that information is labelled correctly so that the users within SCU know how to manage information in a secure which is consistent with the Australian Government and other states and territories. (7) Information which is unrelated to University study or business operations. (8) This information can be openly shared or distributed to the general public. It requires minimal protection and, when used as intended, has minimal to no negative impact on the University's operations, assets, or reputation, or on the University’s obligations regarding information privacy. (9) This information is intended for general internal use within the University and should not be externally distributed. It may be accessed by authorised staff and students. (10) This information is also for internal use but is restricted to staff who need it to perform their university duties. It includes information protected under federal or state legislation or by university contractual obligations and requires enhanced privacy and security protections. (11) This information must be kept strictly confidential and accessed only on a "need to know" basis. It includes data that could affect national interests or security or information where accidental or malicious breach could reasonably be expected to cause serious harm to the University, third party or an individual if released publicly. (12) The access, distribution, storage and disposal of Protected information may be subject to applicable state and federal legislation and review by the Senior Manager – Cyber Security to ascertain appropriate levels of controls which are commensurate with the environment. (13) All staff must understand their legal and corporate responsibilities regarding the appropriate use, sharing, or release of information. Any third party receiving Sensitive or Protected information must be authorised to do so, and they or their organisation must adhere to information security measures that ensure the confidentiality, integrity and availability of the information. (14) Wherever practicable, information assets should be labelled as follows: (15) Identifying the integrity and availability levels of information assets assists Technology Services to apply risk management techniques across all ICT systems and University processes, allowing the University to appropriately plan, resource and maintain effective information security controls. The process recognises that information for the public may require exceptionally high degrees of integrity (accuracy) and availability.Information Asset Classification Policy
Section 1 - Purpose and Scope
Purpose
Scope
Top of PageSection 2 - Definitions
Top of PageSection 3 - Policy
Risk Based Approach
Information Classification, Labelling, Handling and Distribution
Classification of Information Assets
Unofficial: (UO)
Official: Public (PUB)
Official: (O)
Official: Sensitive (O:S)
Protected: (P)
Labelling of Information Assets
Integrity and Availability Classification
Availability Classification Scheme
Integrity Classification Scheme