1. Purpose
The purpose of this policy is to establish a framework for classifying and protecting information assets at Speak AI Inc. based on sensitivity, regulatory requirements, business value, and risk exposure. This policy ensures that information is handled appropriately to maintain confidentiality, integrity, and availability.
2. Scope
This policy applies to all employees, contractors, and third parties who have access to Speak AI Inc.'s information assets, including but not limited to digital records, emails, reports, audio/video data, customer data, and documentation.
3. Information Classification Levels
Speak AI Inc. classifies information into the following categories:
3.1. Public
Description: Information that is intended for public release and poses no risk if disclosed.
Examples: Marketing materials, website content, published reports, blog posts.
Handling: No restrictions on access, storage, or distribution.
3.2. Internal Use
Description: Information that is restricted to Speak AI Inc. employees and authorized partners.
Examples: Internal emails, process documentation, operational reports, internal training materials.
Handling: Shared only with authorized individuals within Speak AI Inc.; minimal security controls required.
3.3. Confidential
Description: Information that, if disclosed, could cause moderate damage to Speak AI Inc., its customers, or stakeholders.
Examples: Customer communications, unpublished research, business development plans, pricing strategies.
Handling: Encryption required for storage and transmission; limited access based on business need.
3.4. Restricted
Description: Highly sensitive information that, if compromised, could cause significant harm to Speak AI Inc. or its customers.
Examples: Personally Identifiable Information (PII), payment details, authentication credentials, proprietary code, and confidential legal agreements.
Handling: Strong encryption required; access limited to essential personnel only; storage in secure environments.
4. Roles and Responsibilities
4.1. Management
Approves and oversees the implementation of this policy.
Ensures adherence to legal and regulatory requirements.
4.2. Employees & Contractors
Understand and apply information classification levels when handling company data.
Report any suspected policy violations or data breaches.
4.3. IT & Security Team
Implements technical controls to enforce classification policies.
Conducts periodic reviews to ensure compliance.
5. Information Handling & Protection Requirements
Classification Level | Access Control | Storage | Transmission | Disposal |
Public | No restrictions | No restrictions | No restrictions | No restrictions |
Internal Use | Limited to employees/authorized personnel | Basic security controls | Secure transmission recommended | Secure disposal preferred |
Confidential | Role-based access control (RBAC) | Encryption at rest | Encrypted transmission | Secure deletion required |
Restricted | Strict access controls | Strong encryption | Encrypted transmission with multi-factor authentication (MFA) | Secure destruction required |
6. Compliance & Enforcement
Failure to comply with this policy may result in disciplinary actions, including but not limited to access revocation, termination, or legal action as necessary.
7. Review & Updates
This policy will be reviewed annually or as required by changes in business operations or legal requirements.
For additional information, please refer to Speak AI's Data Classification Policy or contact [email protected].