Cybersecurity
Cybersecurity
How to classify documents
New templates in MS Office facilitate mandatory labelling for all work documents
ccording to the newly introduced Group standard, all ŠKODA AUTO employees must follow the confidentiality classification when creating their documents. All materials are labelled as public, internal, confidential or secret. You could read about the way in which documents can be divided into individual categories in the June 2020 issue of ŠKODA Mobil. That is why we are providing further details on how to work with document labelling.
Documents in the confidential or secret mode can also be shared via TeamWeb/iTeamWeb. In that case, however, the team space must set the appropriate classification level.
The documents affected by the classification are defined by the ON.1.022 Information Security and ON.1.037 File Rules organisational standards. These include nearly all analogue and digital written, video, audio and other information passed on by the creator. That is anything from correspondence and accounting documents and statements to, for example, audio recordings. “You need to label them with a degree of classification at the time of the document creation or delivery”, emphasises Pavel Šimek, head of FIG – IT Governance, Security and Service Management. Apart from that, you must not forget to add the discard label and deadline. You do this by overwriting the pre-prepared SXX label in the footer of the document template in MS Office. If you cannot do so at the time you create the document, you need to do it at the latest when disposing of the document – that is, when its use comes to an end or its validity expires. You can also add information about the triggering event that starts the discard period.
Useful aid
Each organisational unit must keep a list of its stored and archived documents. After the discard labels and deadlines have been approved, the list is issued as Internal Documentation (ID), which is used by all of the unit’s employees to label created or delivered documents correctly. “The ID check (existence/topicality) takes place within the IMS internal audits, as well as the ISO 9000 – Quality Management System and ISO 27001 – Information Security Management System external certification audits”, Šimek adds. ED
Please visit ŠKODA Space for an overview of classification information in terms of content confidentiality.