Comments

Document Feedback - Review and Comment

Step 1 of 4: Comment on Document

How to make a comment?

1. Use this Protected Document to open a comment box for your chosen Section, Part, Heading or clause.

2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.

3. Do not open more than one comment box at the same time.

4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.

Important Information

During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:

DO NOT jump between web pages/applications while logging comments.
DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.
DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.
DO NOT exit from the interface until you have completed all three stages of the submission process.

Information Classification Levels Schedule 1

Section 1 - Information Classification Levels Schedule 1

Security Classification

Classification	Definition	Operational Impact Refer to Risk Management tools to determine the impact.	Examples
Level 0 – Public Lowest level of confidentiality	Information which has been authorised by the Information Trustee for public access and circulation	Unauthorised disclosure causes minor or negligible impact to RMIT	• Course outline published via RMIT website • Publicly available campus brochures and campus maps • Financial statements, published via annual report • Press releases • Advertised job postings • Academic Staff Profiles published via RMIT website
Level 1 - Trusted Standard level of confidentiality	Information that is intended to be used internally in the day-to-day operations within RMIT Group. The Information Custodian and intended recipients understand the information handling context and risks.	Unauthorised disclosure may result in moderate or minor impact to RMIT such as: • Minor financial harm • Minor harmful reputational damage • Minor regulatory penalties or loss of key licenses and/or funding • Minor interruption of critical operational system/processes • Minor impact to research activity • Minor risks to the safety or wellbeing of individuals	• Project delivery artefacts • Course administration records • Campus ventilation maps • Work in progress financial statements, not finalised • Proposed press releases, pending approvals • Previously advertised job postings, closed for applicants • Staff profiles, published for internal use • Staff newsletters • Day-to-day email correspondence
Level 2 – Protected Increased level of confidentiality	Information that has an increased level of confidentiality and intended to be used by authorised individuals for an authorised purpose on a need-to-know basis. This security level provides an additional security mechanism to limit information proliferation. The intended recipient must seek Information Custodian approval before sharing or disclosing the information.	Unauthorised disclosure may result in severe or major impact to RMIT such as: • Major financial harm • Major harmful reputational damage • Major regulatory penalties or loss of key licenses and/or funding • Major interruption of critical operational system/processes • Major impact to research activity • Major risks to the safety or wellbeing of individuals	• University Policy, during targeted consultation • Project Business Cases, during approval process • HR cases, via People Connect • Records from procurement activities being executed via approved procurement plans • Unreleased student results • Staff salaries and bank details • Third party information, protected by contractual agreements (e,g, NDA) • Commercially sensitive information
Level 3 – Restricted Highest level of confidentiality	Information that has the highest level of confidentiality and intended to be used by a small, limited number of authorised individuals on a need-to-know basis. The intended recipient must obtain Information Trustee authorisation prior to handling, sharing, and disclosing information.	Unauthorised disclosure may result in extreme or severe impact to RMIT such as: • Severe financial harm • Significant harmful reputational damage • Extreme regulatory penalties or loss of key licenses and/or funding • Significant interruption of critical operational system/processes • Significant impact to research activity • Severe risks to the safety or wellbeing of individuals	• Student grievances • Confidential out-of-court settlements • Campus Security, CCTV records • Restricted information under advice by Chancellery, Council or University Governance forums.

Management Classifications – Governance

Classification	Definition	Examples
Institutional Data	Information or data governed by the Information Governance Policy.	• Course outline published via RMIT website • Publicly available campus brochures and campus maps • Theses submitted to RMIT by HDR candidates as part of HDR Submission and Examination Procedure • Published research submitted to RMIT by researchers as part of the Dissemination of Research Outputs Procedure
Research Data	Information or data governed by the Research Policy.	• Publicly available campus brochures and campus numerical, descriptive or visual record of an experiment • Primary materials such as assays, test results, transcripts, laboratory and field notes, visual diaries, journals, audio and visual recordings, oral history sound files, performance recordings, archival data and metadata, websites, photographs and images • Analysed test-results, field notes and recordings • Peer-reviewed academic articles
Unofficial Information	Information or data unrelated to RMIT work duties or functions, allowable under the Information Technology - Acceptable Use Standard and the Information Technology and Security Policy.	• Images of family holidays and pets • Personal email

Management Classifications – Retention

Classification	Definition	Examples
Relevant for Retention & disposals controls	Master information or data outlined in the RMIT Retention of Disposal Authority (RDA), Section 5 of the RMIT Retention and Disposal Standard, which must be retained due to obligations within the Public Records Act 1973 (Vic).	• Records of actions taken to address child sexual abuse that has occurred or is alleged to have occurred. • Summary record of grant applications • Records relating to the borrowing of money by RMIT • Enterprise bargaining and workplace agreements / awards • Environmental monitoring of hazardous substances listed in relevant Occupational Health and Safety legislation. • Research data which is classed in Section 5 of the RMIT Retention and Disposal Standard
Irrelevant for Retention & disposals controls	Information or data that does not fall under RMIT Retention of Disposal Authority (RDA), Section 5 of the RMIT Retention and Disposal Standard including Information or data that may be deleted under NAP principles.	• RMIT store stock inventory • Copies of records • Drafts and transitory documents, where the content is reproduced elsewhere, and the information will not be needed to show how the work has progressed or actions approved

Management Classifications – Privacy

Classification	Definition	Examples
Contains Personally Identifiable Information (PII)	Information and data subject to the Privacy Policy and/or contains Personally Identifiable Information (PII).	• Tax-file number • Medicare number • Student complaints and grievances
Does NOT contain Personally Identifiable Information (PII)	Information and data not subject to the Privacy Policy.	• Project delivery artefacts • Previously advertised job postings, closed for applicants

Management Classifications – Legal Privilege

Classification	Definition	Examples
Legally privileged information	Information and data subject to legal privilege.	• Advice provided to RMIT Group by a lawyer
Information that is NOT legally privileged	Information and data not subject to legal privilege	• College of Business and Law course materials

Management Classifications – Information Domain

Classification	Definition	Examples
Person	Data and information relating to an individual and their identity, typically defining who they are in relation to the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• A record of a person including first name, surname and date of birth
Internal Organisation	Data and information relating to a subset of the RMIT Group, typically representation an organisation of capabilities that enable the achievement of RMIT Group goals. Refer to the RMIT Information Domain Register for more details.	• Data and Information about an academic organisation
External Organisation	Data and information relating to an external entity, not identified as a person or as part of RMIT Group, that has a relationship with RMIT University. Refer to the RMIT Information Domain Register for more details.	• Information on RMIT education delivery partners • Data and information on regulatory bodies Supplies, vendors, partners
Location	Master data representing RMIT Group places and spaces. Refer to the RMIT Information Domain Register for more details.	• Room numbers • Campus identifies
Curriculum	Data and information relating to courses, programs, training packages, modules and their units across the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Master record of accredited or approved courses, programs, training packages, modules and their units • Information on course proposals and curriculum content which are not approved or did not proceed to approval stage.
Learning & Teaching	Data and information relating to the delivery and provision of courses, programs, training packages, modules and their units across the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Class lists and attendance registers. • Assessment results • Course delivery materials
Student Management	Data and information relating to student administration across the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Data and information about student enrolment, re-enrolment, student transfers, credit transfer, recognition of prior learning, deferment, exemptions, withdrawals, leave of absence
Research Management	Data and information relating to the administration and management of research activities of the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Data on funding details, citations of outputs and publications related to the research • Joint venture agreements, memorandums of understanding.
Finance	Data and information relating to financial management across RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Annual financial statements and associated background documentation • Procurement records
Human Resources (HR)	Data and information relating to RMIT Group staff, including recruitment, staffing, training, development, performance appraisals, salary administration, misconduct and termination. Refer to the RMIT Information Domain Register for more details.	• Staff records • Position descriptions
Assets & Facilities	Data and information relating to the security, maintenance and development of RMIT Group property, land and assets. Refer to the RMIT Information Domain Register for more details.	• Information about removal, storage and disposal of hazardous materials and waste • Data about hire or bookings of RMIT buildings, gardens, equipment, vehicles or other infrastructure. • Surveillance camera footage
Advancement	Data and information relating to RMIT Group alumni, donor relations and gifts. Refer to the RMIT Information Domain Register for more details.	• Donor transactions
Marketing & Communications	Data and information relating to marketing and communications of the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Marketing campaigns • Staff newsletters • Social media posts
Planning & Performance	Data and information relating to projects and performance of the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Summary documentation of projects • Data and Information on project registers
Service & Operations	Data and information relating to the service activities across the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Student Services activities • Operation service catalogue
Governance	Data and information relating to the policies, risks and incidents across the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Riskware data
Legal & Compliance	Data and information relating to the contracts, agreements and legal activities across the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Summary records for all contracts managed by the University. Includes contract registers and systems
Library & Collections	Data and information relating to the collection and preservation of long-term records and artefacts across the RMIT Group. Refer to the RMIT Information Domain Register for more details.	• Information on the preservation, protection, maintenance, restoration and enhancement of information resources and artefacts • Master set of commissioned photographs and moving images on RMIT Group activities • Destruction of Information templates
Group	Data and information relating to RMIT Group communities. Refer to the RMIT Information Domain Register for more details.	• Data about student clubs