Confidential – The information assets which have high confidentiality value belong to this category. Only a limited set of authorized users shall access these information assets. Examples include business strategy and personnel files.

Internal – The information assets which can be distributed within all offices of SQAI belong to this category. Examples are office orders and internal circulars.

Public – The information assets which do not have any confidentiality requirement and / or can be disseminated to the general public belong to this category. Examples include annual financial report of SQAI and information displayed on SQAI’s website.

Handling and labelling of all media shall be according to its indicated classification level.

Depending on the classification of information, electronic transmission, copying and distribution of copies of such information, shall require prior approval of SO/CTO/CEO, as applicable.

Mailing and/or shipment of confidential information shall require that information be sent through a reputed mail service / courier with proper authentication.

Confidential information shall be stored with proper security.

Formal record of the authorized recipients of data shall be maintained in an audit trial.

Storage of media shall be in accordance with the manufacturers’ specifications and according to the key principals of this policy.

Distribution of data shall be based on “need to know” and “need to use” principles.