When working with information assets, the following points need to be considered:
- There is no requirement to explicitly mark routine OFFICIAL assets.
- Applying too high a marking can inhibit sharing and lead to unnecessary and expensive protective controls;
- Applying too low a marking may result in inappropriate controls and potentially put sensitive assets at greater risk of compromise.
- When working with documents, classifications must be in CAPITALS at the top and bottom of each page.
- More sensitive information should be separated into appendices, so the main body can be distributed widely with fewer restrictions.
- Sensitive material published on intranet sites must also be clearly marked.
- It is good practice to reference the classification in the subject line and/or text of email communications.
- Only originators can classify an asset or change its classification, though holders of copies may challenge it with a reasoned argument.
- Everyone who works with government (including staff, contractors and service providers) has a duty of confidentiality and a responsibility to safeguard any HMG information or data that they access, irrespective of whether it is marked or not.
