Now available: ETH Office templates with classification note
A few months ago, ETH introduced a new classification system to mark the confidentiality of information. Now, corresponding Office templates are available to the entire ETH community.
A new system for classifying data confidentiality was introduced at ETH last summer to facilitate the exchange, use and protection of research and administrative information. An overview of the new classification system is provided in the Internal news article Protecting confidential data: the new classification system at ETH.
The official ETH Office templates for commonly used Microsoft Office documents (e.g. reports, letters, agendas, presentations) are now available with corresponding classification notes to indicate confidentiality. These can be downloaded from the Template offer of Corporate Communications. The Word templates are automatically available on Windows PCs used by the central administrative units (under the “File” menu → “New” → “Personal”). Members of the decentralised units can contact their IT Service Group (ISG) for setup.
What is the need for classification?
By classifying the confidentiality of this data, the authority responsible for classification, e.g. the information owner, can show other users what level of protection their documents require, and what security measures are to be taken (see Directive on Information Security, Appendix 2). The respective level of confidentiality arises from the presumed risk posed to ETH if the information in question were to land in the hands of unauthorised individuals (see Directive on Information Security, Appendix 1b).
How to use the templates
The new classification notes allow documents to be specifically marked as “INTERNAL”, “CONFIDENTIAL” and “STRICTLY CONFIDENTIAL” (on the cover sheet and automated in the footers). Formally, only data assigned the two highest levels of confidentiality (“CONFIDENTIAL” and “STRICTLY CONFIDENTIAL”) must be marked accordingly (see Art. 20 Sentence 3 of Directive on Information Security).
Documents intended for the general public or for internal ETH use do not usually need to be obligatorily marked, but “INTERNAL” gives an important indication that the data is in principle intended for ETH members only and should be handled accordingly. This means it is definitely useful to actively use this note as well. For reports and PowerPoint presentations, templates with or without classification notes can be selected.
Incidentally, Appendix 1a of the Directive on Information Security contains recommendations as to which classification level information owners should select for which type of document.
Where can I find information about...?
- An overview of the new classification system is provided in the Internal news article Protecting confidential data: the new classification system at ETH.
- An introduction to the new rules governing classification can be found in the Internal news article Cloud usage and classification of data confidentiality: new policies now in effect.
- An overview of the new rules governing the use of cloud services can be viewed here: Secure use of the cloud: when can confidential data be transferred to external cloud services?
- Regulation for the correct classification of data confidentiality: Directive on Information Security at ETH Zurich
- Rules for the use of cloud services: IT Guidelines and IT Baseline Protection Rules of ETH Zurich
- Information on the use of ETH IT resources and infrastructure: ETH Zurich Acceptable Use Policy for Information and Communications Technology (“BOT”)