Navigated to

Information classification

Information classification is used to describe and assess the information that will be processed during the research. Processing can involve everything from collecting to processing, analysing, sharing, publishing and deleting of information. The purpose is to identify the value of the information and data in the project and to find the right level of protection.


Assess the level of protection

When assessing the level of protection for data and information managed in a research project, consider the consequences for individuals, your own organisation and external parties if the information were to be disclosed, corrupted or not available.

The level of protection is determined based on three main aspects: confidentiality (C), integrity (I) and availability (A). Together, these form a CIA value that determines how the information should be protected. The protection value is given in the range 1–4.

Download templates and read more about conducting an information classification on Aktum (UMU ID required)

Once you know the protection value of the information processing, you can start planning information and data management in the project and adapt the protection. In connection with this, you can also conduct a risk and vulnerability analysis.

Download templates and read more about information classification on Aktum (UMU ID required)

Check if your department has conducted an overall analysis

If your department has already conducted an overall analysis of information security, cybersecurity and data protection within your research field, much of the work has already been done for you. You can use the information classification and risk analysis that have already been conducted in the overall analysis when planning your project’s information and data management.

By following your department’s local instructions with a checklist for information security in the research field, you will be able to utilise the security measures that your department has identified in its analysis. This can be in the form of technical solutions and procedures to protect research data and minimise risks in the project. 

You can then use what is known as a simplified information classification of data collection to match and document the protection value of a particular data collection before you process or store data in information systems, such as IT systems, research infrastructures or repositories.

Ask your head of department if an overall analysis of information security, cybersecurity and data protection has been conducted by your department and request to receive the overall analysis and local information security instructions with a checklist for the research field.

Read more about the support model for analysing information security, cybersecurity and data protection in research projects on Aktum (UMU ID required)


 

Latest update: 2025-06-05

Illustration som föreställer en skylt med vägvisning

Guide to managing research data

Brief chronological guide to managing research data, with further reading.

Risk and vulnerability analysis

Necessary safeguards for protecting research data.

Detalj på två personer som sitter vid ett bord med papper och pratar med varandra. För att illustrera samarbete, möte eller grupparbete.

Plan a project

Plan for information security, selecting IT services and writing agreements.