Information Classification Policy
This policy defines information classification levels and the minimum handling rules for each level.
| Field | Value |
|---|---|
| Owner | Information Security Officer |
| Contact | infra@lef.tec.br |
| Version | 1.1 |
| Last updated | 2025-03-26 |
| Review cadence | Annual (or after policy/legal changes) |
1. Purpose
To establish a consistent and risk-based approach to classify and protect information handled by LEF, ensuring that information is appropriately safeguarded according to its sensitivity and value.
2. Scope
This policy applies to all LEF employees, contractors, systems, and third parties who access or process LEF information.
3. Classification Levels
LEF adopts the following information classification levels:
- Public: Information that can be shared freely without risk to LEF.
  Example: published marketing materials, job postings.
- Internal: Information intended for internal use only. Unauthorized disclosure may cause minimal or moderate impact.
  Example: internal procedures, team communications.
- Confidential: Information whose unauthorized disclosure could negatively impact LEF’s operations, competitive advantage, or client relationships.
  Example: contracts, internal financial reports, customer data.
All confidential projects are covered by NDAs.
4. Responsibilities
- All employees are responsible for identifying and handling information in accordance with its classification.
- The Information Security Officer is responsible for maintaining this policy and supporting its implementation.
5. Handling Guidelines
Each classification level requires different handling measures:
| Classification | Access Control | Storage & Transmission | Sharing & Disclosure |
|---|---|---|---|
| Public | Unrestricted | No special requirements | Freely shareable |
| Internal | LEF personnel only | Stored in Microsoft 365 (Teams, OneDrive, SharePoint); encrypted in transit | Only with other LEF personnel |
| Confidential | Role-based, need-to-know | Stored in Microsoft 365 and/or EVEO Private Cloud; encrypted in transit | Based on project assignment and covered by NDA |
Email disclaimers
Outbound email includes a default bilingual disclaimer (EN/PT) managed in Microsoft 365. This adds legal protection but does not replace careful handling of sensitive information. See Microsoft 365 for the current footer.
6. Review and Updates
This policy is reviewed annually or whenever legal, regulatory, or operational changes require it.
7. Contact
Questions about classification or handling of specific information should be directed to: infra@lef.tec.br
Records / evidence
- Exceptions (sharing/storage beyond the default rules):
- Awareness/communication of classification expectations: