How to classify information
Contents
In the UK and internationally, security classifications are used to protect different kinds of information.
What we use in Defence
In Defence, like all other UK Government departments, we use 3 levels of security classification:
- OFFICIAL
- SECRET
- TOP SECRET
What you need to do
You need to be aware of the security classification of all information you deal with. This includes when you:
- speak in meetings
- add comments to online tools
- write and share messages
When you send emails on MODNET, you will be asked to select the security classification.
If you create new information or capture new data, check how to mark it.
Do not over classify information
If you classify information higher than it needs, people may struggle to access it. For example, services classified as SECRET do not let users access the internet.
Managing SECRET information is at least 10 times more expensive than OFFICIAL information.
OFFICIAL information
The majority of information created or used in Defence is at OFFICIAL level. The consequences of this information being shared are similar to those faced by a large private company with valuable information.
OFFICIAL information includes:
- the day-to-day business of government and service delivery
- many aspects of Defence, security and resilience
- routine international relations and diplomatic activities
- public safety, criminal justice and enforcement activities
SECRET information
Some information in Defence is considered very sensitive and must be protected from any highly capable people or organisations that are determined to cause harm.
This includes information where tampering, loss or access by unauthorised people could:
- directly threaten an individual’s life
- cause serious damage to UK or allied military capability
- impact the investigation or prosecution of serious organised crime
You will usually know that you are working on information or systems classified as SECRET.
TOP SECRET information
A small amount of information in Defence must be protected from the most serious threats.
This includes information where tampering, loss or access by unauthorised people could:
- lead to widespread loss of life
- threaten the security or economic stability of the UK or friendly nations
- cause exceptional damage to UK or allied military capability
It will be clear that you are working on information or systems that are TOP SECRET.
Classifying large amounts of data
Some products and services in Defence create or process large amounts of data. These projects usually have an information asset owner.
To classify data correctly, the information asset owner needs to fully understand how sensitive it is and the likely threats.
Collecting large amounts of data does not always mean that you have to classify it higher.
Related guidance
Updated April 2023