- News
- Events
- Winter Storm Event 2023
-
- Deferred Compensation
- Employee Assistance Program
- eForms
- Email Services
- Benefits
- Employee Self Service
- Lactation Accommodation Request Form
- Dimensions System
- VHR Program
- Employee Safety and Health
- Staying Connected
- Kaiser Occ Health
- Flexible Spending Account
- Disaster Worker
- Trainings
- Drug-Free Workplace
-
- Preface
- 1-1 Advisory Bodies Roles and Relationships
- 1-2 Providing County Support of Grant Applications from Outside Agencies
- 2-1 Policy for Submitting Agenda Items
- 2-2 Departmental Representation at BOS Meetings
- 2-3 Policy for Board Chambers Security
- 3-1 Policy for Appropriation Transfers
- 3-2 Travel and Meal Reimbursements
- 3-3 Interdepartmental Billings for Services Policy
- 3-4 Policy for Memberships to Professional Associations & Organizations – Use of Public Funds
- 4-1 Performance Evaluations
- 4-2 Policy for Position Allocation List
- 4-3 Position Reclassifications
- 4-4 EEO Policy
- 4-5 Departmental/Internal Reorganizations
- 4-6 Policy for Hiring/Retaining Personnel Services in EMP or Ind. Contractor Status - See Civil Service Rules
- 4-7 Policy for Flexible Merit Increases
- 4-8 Advanced Salary Step Appointments
- 4-9 Policy for Relocation Incentives
- 4-10 Medical Leave Policy
- 4-11 Preemployment Preplacement Screening Policy
- 4-12 COVID-19 Vaccination and Testing Policy
- 4-13 Telework Policy
- 4-14 Lactation Policy
- 5-1 Vehicle Use
- 5-2 Policy for Capital Project and Asset Responsibility
- 5-3 Public Art Policy
- 6-1 Records Retention Storage Destruction Policy
- 6-2 Incompatible Activities Policy
- 6-3 TTrD Policy
- 6-4 Safety Management Policy
- 6-5 Identity Theft Prevention Program
- 7-1 Purchasing Policy
- 7-2 Real Property Acquisition and Management Policy
- 8-1 Investigations of Alleged Inappropriate Activities
- 8-2 Reasonable Suspicion Policy
- 8-3 Safety and Security for County Employees
- 8-4 Policy for Receipt and Distribution of Tickets or Passes
- 9-1 Official Use of Social Media Sites Policy
- 9-2 IT Use and Security Policy
- 9-3 Website Accessibility Policy
- 9-4 Information Technology Professionals Policy
- 9-5 Information Technology Governance Policy
- 9-6 Information Technology Artificial Intelligence (AI) Policy
- Employee & Volunteer Engagement & Recognition (EVER)
- Combined Fund Drive
- Website Accessibility Assistance
- Back to Administrative Policy Manual
9-2 Information Technology Use and Security Policy Manual - Chapter V: Data Classification Policy
Return to IT Use and Security Policy Manual Table of Contents
Approved by: Board of Supervisors of the County of Sonoma (“County”), and the Boards of Directors of the Northern Sonoma County Air Pollution Control District, the Russian River County Sanitation District, Sonoma Valley County Sanitation District, Occidental County Sanitation District, South Park County Sanitation District, and the Board of Directors of the Sonoma County Agricultural Preservation and Open Space District (collectively referred to hereinafter as “Special Districts”), and the Sonoma County Water Agency (“Agency”), and the Board of Commissioners of the Sonoma County Community Development Commission (“Commission”). The County, Special Districts, Agency and Commission are collectively referred to herein as “Local Agencies” or singularly as “Local Agency.”
Read next: VI. Information Security Incident Management Policy
What's on this Page
This Policy directs Local Agencies to classify their data to ensure the required security measures are applied.
Local Agencies may not rely on this Policy to make determinations or implement the requirements of the California Public Records Act (Government Code Sections 6250-6265).
A. Data Categories
Data Owners must classify Local Agency data into one of the following categories:
- Confidential – Information protected from use and/or disclosure by law, regulation or standard, and for which the highest level of security measures are required.
- Restricted – Information that requires special precautions to protect from unauthorized use, access, or disclosure.
- Public - Information that is available for general access without review by the Data Owner and/or County Counsel.
B. Data Classification Assignment
- Default classification assignment for data is Restricted.
- Any collection of data containing different classification assignments must be classified as a whole at the level applicable to the data with the highest assignment.
- Classifications assigned to Local Agency data must be reviewed upon changing usage or law, and reclassified if necessary.
- The classification level of replicated data must remain consistent with the original data.
C. Security Requirements
- Each data category has security requirements based on law, regulation, common business practice, liability or reputational factors.
- Security controls must be applied to each data category based upon the identified security requirements, and commensurate with the value of the information and risk of loss.