Policy Name
Information Labeling, Handling and Disposal Policy

This policy describes the requirements to properly label, handle, dispose and protect information (or data) based on data classification levels.

  • Information must be labeled regardless of media type (e.g. hard disks, tapes, removable media) and location.
  • Electronic information (e.g. e-mail, files, databases) must display or include the data classification to allow the appropriate protection and access to the information.
  • Printed information (e.g. reports, documents) must display the data classification that is clearly legible.
  • Sensitive information (e.g. Confidential or Secret) must be secured from unauthorized access or misuse.
  • Locked bins must be used to store sensitive documents or media (awaiting disposal or transportation).
  • Information must be transported and secured using an approved vendor or company process to protect information based on its data classification.
  • Information must be disposed of appropriately:
    • Evidence of hand-off of information to disposal vendor (if third party is used)
    • Paper documents and removable media (e.g. tapes, CD's) must be cross-cut shredded or incinerated
    • Destruction of information must be certified by disposal vendor
    • Hard disks must be disposed of according to hard disk disposal guidelines and procedures


The following benefits will be achieved:

  • Data protection and prevention of unauthorized disclosure of sensitive information
  • Information will be properly labeled, handled and disposed of according to data classification

All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up and including termination of employment or contract.

Information (Data) Classification, Labeling and Handling