Information Classification Policy
SupportLogic converts your existing system of records (ticketing platform) into a Systems of Intelligence that provides actionable insights. Our mission is to prevent issues from slipping through the cracks while providing management and executive teams (across support, customer success, product, and engineering teams) powerful, customizable, and self-service dashboards.
All SupportLogic associates share in the responsibility for ensuring that SupportLogic information assets receive an appropriate level of protection by observing this Information Classification policy:
- SupportLogic Managers or information ‘owners’ shall be responsible for assigning classifications to information assets according to the standard information classification system presented below. (‘Owners” have approved management responsibility. ‘Owners’ do not have property rights.)
- Where practicable, the information category shall be embedded in the information itself.
- All SupportLogic associates shall be guided by the information category in their security-related handling of SupportLogic information.
- All SupportLogic information and all information entrusted to SupportLogic from third parties falls into one of four classifications in the table below, presented in order of increasing sensitivity.
All SupportLogic information and all information entrusted to SupportLogic from third parties falls into one of four classifications in the table below, presented in order of increasing sensitivity.
Unclassified Public
Information is not confidential and can be made public without any implications for SupportLogic. Loss of availability due to system downtime is an acceptable risk. Integrity is important but not vital.
- Product brochures widely distributed
- Information widely available in the public
- domain, including publicly available SupportLogic web site areas
- Newsletters for external transmission
Proprietary
Information is restricted to management-approved internal access and protected from external access. Unauthorized access could influence SupportLogic’s operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital.
- Passwords and information on corporate security procedures
- Know-how used to process client information
- Standard Operating Procedures used in all parts of SupportLogic’s business
- All SupportLogic-developed software code, whether used internally or sold to clients
Client Confidential Data
Information received from clients in any form for processing in production by SupportLogic. The original copy of such information must not be changed in any way without written permission from the client. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
- Client data (e.g. CRM integrations)
- Client information
- Client communications (including, Emails, Slack communication, in-product messaging)
Company Confidential Data
Information collected and used by SupportLogic in the conduct of its business to employ people, to log and fulfill client orders, and to manage all aspects of corporate finance. Access to this information is very restricted within the company. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
- Salaries and other personnel data
- Accounting data and internal financial reports
- Confidential customer business data and
- confidential contracts
- Non disclosure agreements with clients/vendors
- SupportLogic business plans