Search

Other search services

Find courses and programmes Show syllabus Search welcome letters Search staff

Classifying Information ‑ Researchers

Classify your information

Classification of information is a fundamental activity to ensure that information and resources are given the necessary protection. It is the information that is the object of protection, i.e. what is to be protected. The information shall be classified on the basis of the function and significance for the business that it has and the consequences it entails if the information were to be handled incorrectly, disappear, fall into the wrong hands, etc., i.e. as a result of insufficient confidentiality, accuracy and availability

When should information classification be carried out?

  • When determining and continuously reviewing the level of protection of research data
  • In connection with the development of a data management plan

Go through the following steps to rate and risk assess your information

  1. Open the classification form and fill in the basic information
  2. Develop the classification support and decide what classification level the information should have for the different properties
  3. Carry out a risk assessment (if an impact assessment is to be carried out in accordance with Article 35 of the General Data Protection Regulation, the risk assessment is then carried out) More information can be found on the staff pages Personal data in research
  4. Go back to the classification form and decide what protective measures will be taken (available on the template, remove those that are not relevant and supplement if something is missing)
  5. Registration of classification 
    1. If the classification is included in a data management plan, the classification must be registered at the same reference number
    2. If it is a separate information classification of research data, a reference number must be retrieved and entered on the form
    3. Send the classification to the registrar.
    4. If the research also requires an impact assessment in accordance with Article 35 of the General Data Protection Regulation, it is registered at the same reference number - impact assessment

 

Contact

Eva Rodin Svantesson

It-informationssäkerhetssamordnare|IT information security coordinator

+46 (0)10-1428721

The page was updated 2/4/2025