Comments

Document Feedback - Review and Comment

Step 1 of 4: Comment on Document

How to make a comment?

1. Use this Protected Document to open a comment box for your chosen Section, Part, Heading or clause.

2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.

 

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:

  1. DO NOT jump between web pages/applications while logging comments.

  2. DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.

  3. DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.

  4. DO NOT exit from the interface until you have completed all three stages of the submission process.

 

Information Classification Standard

Section 1 - Context

(1) This standard provides a consistent approach for the classification of RMIT Group data and information, referred to hereafter as ‘Information’, so that it can be properly and securely managed throughout its lifecycle. 

(2) This standard also defines the minimum classification requirements to enable Information Custodians to meet their responsibilities and accountabilities and should be read in conjunction with the Information Classification and Handling Procedure.

Top of Page

Section 2 - Authority

(3) Authority for this document is established by the Information Governance Policy.

Top of Page

Section 3 - Scope

(4) This standard applies to all RMIT Group Information, in all formats, as defined in the Information Governance Policy, except data and information related to Australian national security and defence. 

(5) This standard applies to all individuals who create, use, manage, handle or process RMIT Group Information, including RMIT Group staff, casual employees, contractors, visitors, honorary appointees and third parties.

(6) The RMIT Group is RMIT University and its controlled entities, referred to hereafter as RMIT.

Top of Page

Section 4 - Standard

Background

(7) According the Information Governance Policy, an individual  assumes the role of an Information Custodian when RMIT Information is in their possession.

(8) Information Classification is administrative metadata that enables the secure and effective management of Information across its lifecycle and provides a mechanism for Information Custodians to meet specific responsibilities and accountabilities to protect Information in their custodianship.

(9) Information Classification includes Security Classification and Management Classifications.

(10) Information Custodians must follow the Information Classification and Handling Procedure on how to classify and handle Information.

Security Classification

(11) Security Classification (or security labelling) signifies the confidentiality requirements and enables the appropriate application of security protections and controls for Information. It functions similarly to a Protective Markings Scheme under the Victorian Protective Data Security Framework (VPDSF).

(12) Security Classification is mandatory for all Information and must be applied by an Information Custodian at the point of Information creation or collection. 

(13) Schedule 1 of the Information Governance Policy defines the different levels of Security Classification.

(14) The Security Classification of Information must be reclassified if its confidentiality changes, or if the Information is incorrectly classified across the Information lifecycle.

(15) Processes and systems must be designed to enable the effective implementation of Security Classifications including ensuring Information Custodians understand the controls and protections enabled by the Security Classification and its impacts to Information access, use and movement.

(16) Access, movement, and use of Information must be informed by the Security Classification.

Management Classifications

(17) Management Classifications are additional classifications which enable the management of Information across its lifecycle. They function similarly to the Information Management Markings (IMMs) under the Victorian Protective Data Security Framework (VPDSF).

(18) Management Classifications enable the identification of:

  1. Institutional Data, Research Data and Unofficial Information as defined in Section 4 of Data and Information Lifecycle Management Procedure
  2. Information subject to public records retention requirements outlined in the Retention and Disposal Standard
  3. Information Domains within the Information Domain Register and accountable trustee(s) for Institutional Data
  4. Information subject to the Privacy Policy
  5. Information subject to legal privilege.

(19) Management Classifications enable an accurate and discoverable account of Information assets and may be applied by Information Custodians and administrative governance functions at any of the following levels: 

  1. individual record level
  2. physical storage location level
  3. information asset level
  4. technology asset level
  5. Information Asset Register level, implemented via the RMIT Information Domain Register.

Responsibilities

(20) Information Custodians are responsible for the proactive annual review of  classification of Information under their custodianship.

(21) Information Stewards are responsible for providing an advisory role and support for operational data governance functions, in accordance with the Information Governance Policy and its resources.

(22) The Chief Data and Analytics Officer is responsible for delivery of the RMIT Information Domain Register as the enterprise Information Asset Register.

(23) The Chief Information Officer is responsible for delivery of Technology Assets, in accordance with the Information Technology and Security Policy.

Top of Page

Section 5 - Definitions

(Note: Commonly defined terms are in the RMIT Policy Glossary. Any defined terms below are specific to this policy).
Information Asset A collection of Information, defined and practically managed so it can be understood, shared, protected and used to its full potential. Information assets support processes and are stored across a variety of media and formats (i.e. both paper-based as well as electronic material). Information assets have a recognisable and manageable value, risk, content and lifecycle.
Technology Asset A store of Information Assets in digital format, represented as an IT Asset as specified in the Information Technology and Security Policy.
Information Asset Register
A central catalogue of Information Assets under RMIT custodianship, implemented via the RMIT Information Domain Register.