Document classification and security is an important issue for businesses and governments.
Information is exchanged between users and organizations that collaborate to pursue a business goal. Where sensitive information is involved, it is assumed that the parties will have agreed what information is sensitive and how such information will be identified and handled. Any recipient of a resource will rely upon the provider of the information to follow the agreed procedures to identify the sensitivity of the information.
Office provides standardised means for such sensitivity information to be expressed and may be used between parties if interoperable systems are to be implemented. It provides a set of standard “fields” that can be used to hold sensitivity information. It does not attempt to define what the contents of these “fields” should be. This approach is an improvement upon the only alternative that exists at the moment, which is for the provider to use an arbitrary means to express sensitivity that may not be useful to a recipient.
While this standard has been developed with the intent that it would be applicable in any domain of activity, Office retained the aerospace and defense industry nomenclature and categories, where sensitivity marking results from national security, export control and intellectual property policies.
Office implemented the open standards produced by TSCP (Transglobal Secure Collaboration Participation, Inc.) independent of a specific vendor. Two of them are interesting:
The default BAF categories for Office are listed below.
Only the "Intellectual Properties" category will modify the layout of the document with a watermark, fields in the header and footer and an information bar on top of the document area. Each item inserted in the document is controlled by the classification configuration file.
Intellectual property is a generic term for the nature of the contents of the document. Select this category for general purpose document classification.
Selects the category of this document for the national security policy type. The selected category is saved together with the document as BAILS metadata in the file properties and no modifications is carried in the document layout or the user interface.
Selects the category of this document for the export control policy type. The selected category is saved together with the document as BAILS metadata in the file properties and no modifications is carried in the document layout or the user interface.
Refer to your corporate data security policy and information security officers for support in document classification.
Office provides default levels of document classification (BAILS) shown below, sorted by increasing level of business sensitivity:
Office allows customization of the levels of classification for your business. To customize the number and the name of the levels, copy the file example.xml located in Tools - Options - Office - Paths - Classification into a local folder and edit the contents.
Use the file with your Office locale in the name as example.
Save the file and make the adequate changes to the classification path above to access the file.
Your system administrator can place the file in a network folder and make all users access the classification settings file.
To prevent a breach in the security policy, contents with high classification level pasted to documents with lower classification level are not allowed. Office will display a warning message wherever it detects that the contents of the clipboard have higher security classification than the target document.