ISO 27001 – Control 5.13 – Labelling of Information
Control 5.13 Wording
An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization.
What this means
This is the followup control to 5.12 – Classification. This control is designed to make sure that all business assets are labelled as part of securing information within the organisation. It’s all about marking your data so everyone knows how to handle it properly. Let’s break down what ISO 27001 says about this important practice.
What is Information Labelling?
Simply put, information labelling is the process of attaching clear markers to your organisation’s data. These labels tell people how sensitive the information is and how they should treat it.
Why is it Labelling Important?
- It helps everyone understand the value of the information they’re handling.
- It makes it easier to protect sensitive data.
- It supports automated information processing and management.
How to Implement Information Labelling
- Develop clear procedures: Create a set of rules that everyone can follow.
- Cover all formats: Your labelling system should work for both digital and physical information.
- Make labels easy to recognise: Use clear, consistent labels that stand out.
- Consider different media: Think about how to label information in emails, documents, databases, and physical files.
Labelling Techniques
You can use various methods to label information:
- Physical labels or stamps
- Headers and footers in documents
- Adding the classification to the file name
- Watermarks
Digital Information
For digital information, files need to be labelled. One of the easy ways to do this is folder name or file names that clearly have the classification shown. It’s especially important for maintaining confidentiality and enabling efficient searching.
Training and Awareness
Make sure everyone in your organisation understands:
- How to use the labelling system
- Why it’s important
- How to handle information based on its label.
When you are just starting out on your ISO 27001 implementation this can be a big change for everyone to get their head around. Be patient and keep reminders available to prompt for labels.
Potential Drawbacks
While labelling is generally beneficial, be aware that it can sometimes make sensitive information easier for malicious actors to identify. Balance is key.
Conclusion
Information labelling is a simple yet powerful tool for protecting your organisation’s data. By implementing clear procedures and training your team, you can significantly enhance your information security. Remember, the goal is to make it easy for the right people to access information while keeping it safe from those who shouldn’t see it.
If you want to talk about information security in your organisation then please book a free call here or email us here