POLICY ON THE SECURITY CLASSIFICATION OF DOCUMENTS

POLICY ON THE SECURITY CLASSIFICATION OF DOCUMENTS Policy on the Security Classification of Documents Page: Page 1 of 22

Recommended by Approved by Executive Management Team Board of Directors Approval Date Version Number 1.1 Review Date September 2012 Responsible Director Responsible Manager (Sponsor) For use by Chief Executive Corporate Secretary All Trust Employees This policy is available in alternative formats upon request. Please contact the Corporate Governance Assistant on 01204 498379. Policy on the Security Classification of Documents Page: Page 2 of 22

CHANGE RECORD FORM Version Date of change Date of release Changed by Reason for change 0.1 21 July 2009 22 July 2009 P.D. Howard Document creation 1.0 26 Nov 2009 26 Nov 2009 P.D. Howard Board approved version 1.1 4 May 2010 P.D. Howard Amended in light of revised information on handling of restricted documents Policy on the Security Classification of Documents Page: Page 3 of 22

POLICY ON THE SECURITY CLASSIFICATION OF DOCUMENTS Contents Section Page 1. Introduction 5 2. Drivers and legal framework 5 3. Scope and definitions 6 4. Responsibilities 6 5. Key points in classifying and handling documents 7 6. Personnel security controls 8 7. Protective markings 10 8. Access to protectively marked documents 11 9. Sharing of protectively marked information 13 10. Destruction of protectively marked documents 14 11. Which classification to use 15 12. How to apply the protective marking to documents 17 13. References 17 Appendices App 1 Aide-memoire for the management of classified documents 18 App 2 Classified document register 20 Policy on the Security Classification of Documents Page: Page 4 of 22

1. INTRODUCTION 1.1 The Policy on Security Classification of Documents provides the Trust with a framework on which to base the security marking and subsequent handling of its documents. It is essential from the outset to understand the rationale behind classifying documentation, and to iterate the need to avoid the unnecessary restriction of documents. Criteria for the provision of specific security markings are provided at s.11 of this policy and a principle of not applying security markings unless absolutely necessary should be adopted by document authors. 1.2 The majority of documentation within the Trust will be classified as not protectively marked and only in necessary circumstances should an alternative marking be utilised. 2. DRIVERS AND LEGAL FRAMEWORK 2.1 In March 2008, the Cabinet Office Civil Contingencies Secretariat published a document entitled Security Vetting and Protective Markings: a guide for emergency responders. The document provides a précis of the content of the Cabinet Office Manual of Protective Security, since replaced by the Security Policy Framework, and confirms the requirement for Category 1 and 2 responders, as defined by the Civil Contingencies Act 2004, to follow these procedures when managing all protectively marked material. It therefore follows that the Trust, as a Category 1 responder, is required to adopt a policy with regard to this issue. 2.2 In addition to the security classification of documents, readers attention is also drawn to the associated handling and destruction requirements for each category of document. These must be observed and it is the responsibility of each individual member of staff to ensure the integrity of storage and destruction as outlined within this policy. 2.3 In apparent contrast to the requirements identified above are the requirements of the Public Bodies (Admission to Meetings) Act 1960 and, more recently, the Freedom of Information Act 2000. These statutes provide members of the public with the freedom to attend meetings of the Board of Directors and to request and receive copies of documentation held by the Trust. 2.4 Whilst the provisions of the Freedom of Information Act 2000 are contained within a separate Trust policy, due regard must be had for the requirement that any restriction on publication which would include the application of a security classification is in line with ss.21-43 of the Act. Additionally, only a small number of the reasons for non-disclosure within the Act are absolute, and the majority require the application of a public interest test in order to ascertain necessity to restrict publication. Policy on the Security Classification of Documents Page: Page 5 of 22

2.5 In the interests of clarity, document authors are advised that the inappropriate application of security classification will not prevent publication of the document under the Freedom of Information Act 2000. 2.6 It should also be borne in mind that the rationale for the application of a security classification to a document may be based on the content of a small amount of the total document. It may therefore be appropriate to release a security classified documents under the Freedom of Information Act 2000 in a redacted format. 2.7 Where a classified document is released in full under the Freedom of Information Act 2000, the document should be annotated as such for future reference. An example of such annotation would be RELEASED UNDER FOI IN FULL ON [DATE] 3. SCOPE AND DEFINITIONS 3.1 This policy applies to all employees of the Trust. 3.2 The term employee relates to all persons directly employed by the Trust, including Non-Executive Directors. Document handlers should also satisfy themselves that any outside agencies with due cause to receive documents have similar robust policies in place before sharing any document carrying a security classification. 3.3 The term document refers to any written materials produced or received by the Trust. This includes emails, faxes, letters and reports although this list is not intended to be exhaustive. 3.4 The term author refers to the person creating the document. In general, security classifications should be applied at the time of document creation and the necessary precautions and restrictions adopted immediately. 3.5 The term document handler refers to any person who has cause to be provided with any document. This may be on a temporary or permanent basis and responsibility for the security of any document rests with the person who has been provided with the document. 3.6 The term security classification or classification refers to those titles provided at s.11 of this policy, or those which following publication of this policy become implemented on a national basis. 4. RESPONSIBILITIES 4.1 It is the responsibility of each member of staff to familiarise themselves with the content of this policy. It is the responsibility of line managers to bring the content of this policy to the attention of new members of staff as part of their induction. Policy on the Security Classification of Documents Page: Page 6 of 22

5. KEY POINTS IN CLASSIFYING AND HANDLING DOCUMENTS 5.1 There are five protective markings that may be used. With the exception of protect, they are also classed as national security markings. The protective markings are as follows: i. Protect ii. Restricted iii. Confidential iv. Secret v. Top Secret 5.2 The classification protect can be appropriately applied to sensitive information that needs to be protected, both commercial and personal, which does not have a national security implication and where the use of restricted would be excessive. If protect is used it must be accompanied by an appropriate descriptor and examples are provided at s. 7.3.1 of this policy. 5.3 Materials classified as restricted and above must not be made available via a website or sent via non-secure email. 5.4 Material classified as protect must be handled in a similar way to restricted materials, with the exception that baseline encryption is not mandatory when sharing the information electronically. However, commercial encryption to FIPS 140 standard should be considered, and must be used for the transmission of personal sensitive data; particularly where it occurs in aggregate. 5.5 Materials classified as confidential or above should not be discussed over unsecured or public telephone networks. The risk of transmitting restricted materials over unsecured or public telephone networks is not managed centrally and document handlers must decide for themselves whether or not to accept the risk of doing so. 5.6 No information that is protectively marked should be made publicly available and it should only be seen by those with a specific need to know, and with the appropriate level of security clearance. 5.7 No specific clearance is required to handle material classified as protect or restricted. 5.8 All classified information should be shared on a strict need to know basis. 5.9 Those who are cleared to Baseline Standard (BS) may have access to confidential and occasional controlled access to secret information. 5.10 Those who are cleared to Security Check (SC) level may have long-term, frequent and uncontrolled access to secret information or assets, and occasional controlled access to top secret material. Policy on the Security Classification of Documents Page: Page 7 of 22

5.11 Those who are cleared to Developed Vetting (DV) level may have long-term, frequent and uncontrolled access to top secret information or assets. 5.12 It is not the intention of the Trust that members of staff will routinely be required to undergo security checks, and the majority of staff will be cleared to Baseline Standard only. In the event that a post-holder considers that there is a need to increase their level of security clearance, this should be discussed in the first instance with the Assistant Director of Emergency Preparedness. 5.13 Certain command levels within the organisation will, however, require Security Check (SC) clearance in order to facilitate the safe and effective transfer of information, both internally and with multi-agency partners where appropriate. The designated command levels which require such clearance are Gold, Silver, Bronze, Tactical Advisors and Executive Directors. 6. PERSONNEL SECURITY CONTROLS 6.1 As discussed above, there are three types of personnel security controls (vetting levels) that affect access to protectively marked information. These are: i. Baseline Standard (BS) formerly known as Basic Check (BC) and also known as Baseline Personnel Security Standard (BPSS) ii. Security Check (SC) iii. Developed Vetting (DV) 6.2 Baseline Standard (BS) 6.2.1 Those who are cleared to Baseline Standard (BS) level may have access up to confidential and occasional, controlled access to secret material. 6.2.2 The Baseline Standard (BS) is not a formal security clearance, but is designed to provide a level of assurance as to the trustworthiness and integrity of individuals whose work, in the main, involves uncontrolled access to, or knowledge or custody of, government assets protectively marked up to confidential. Baseline Standard checks are generally carried out as part of the normal departmental recruitment procedures, and aim to positively establish identity and obtain background information on the individual by taking up references. It also includes a check of the individual s nationality, right to work and a criminal record declaration. 6.2.3 For the purposes of the Trust, all existing employees who have undergone a formal recruitment process, conducted by the Trust directly, and who have received satisfactory references will be considered to be vetted to Baseline Standard (BS). It is intended that all new post-holders, including existing staff transferring within the Trust, who are identified as likely to require Baseline Standard vetting will undergo a Criminal Records Bureau (CRB) check on the occasion of their appointment or transfer. Policy on the Security Classification of Documents Page: Page 8 of 22

6.3 Security Check (SC) 6.3.1 Those who are cleared to Security Check (SC) level may have long-term, frequent and uncontrolled access to secret information or assets and occasional controlled access to top secret information or assets. 6.3.2 A Security Check may also be applied to staff that are in a position to directly or indirectly bring about the same degree of damage as those described in s. 6.3.1 or who need access to protectively marked material originating from other countries or international organisations. 6.3.3 A Security Check clearance will normally consist of: i. a check against the National Collection of Criminal Records and relevant departmental and police records ii. a check against Security Service records iii. a credit reference check and, where appropriate, a review of personal finances 6.3.4 In some circumstances further enquiries, including an interview with the subject, may be carried out. 6.4 Developed Vetting (DV) 6.4.1 Those who are cleared to Developed Vetting (DV) level may have long-term, frequent and uncontrolled access to top secret information or assets. 6.4.2 This level of clearance may also be applied to people who are in a position directly or indirectly to cause the same degree of damage as those described in s. 6.4.1 and in order to satisfy the requirements for access to protectively marked material originating from other countries and international organisations. 6.4.3 In addition to a Security Check, a Developed Vetting clearance will involve: i. an interview with the person being vetted ii. references from people who are familiar with the person s character in both the home and work environment. These may be followed up by interviews. Enquiries will not necessarily be confined to past and present employers or nominated character referees. 6.5 Further information on the vetting procedure can be found on the internet and relevant addresses are provided at s. 13 of this policy. Policy on the Security Classification of Documents Page: Page 9 of 22

7. PROTECTIVE MARKINGS 7.1 The purpose of protective markings is to indicate the value of a particular asset in terms of the damage that is likely to result from its compromise. The Protective Marking System ensures that sensitive information receives a uniform level of protection and treatment, according to its degree of sensitivity. 7.2 There are five protective markings, as outlined at s. 11, that define the degree of damage that would be caused should the information be compromised and with the exception of protect these are classed as national security markings. It is the responsibility of the author of the material to apply the appropriate protective marking. Recipients will know from the marking what measures are required to be employed in protecting the information. 7.3 Use of the protect classification 7.3.1 The large range of information that can be covered by protect means that a descriptor must be used. Examples of appropriate descriptors are provided in table i), below: Descriptor For internal use only LOCSEN Personal data Appointments Addressee only Staff in confidence Commercial Contracts Investigation Management Exempt from publication under s. [XX] Freedom of Information Act 2000 Examples of use For documents that should not be shared outside of the Trust For documents that contain locally sensitive information For documents that contain personal data For documents relating to actual or potential appointments not yet announced For documents intended to be seen only by the person to whom it is addressed For documents containing references to identifiable staff or personal confidences entrusted by staff to management For documents relating to a commercial undertaking s processes or affairs For documents concerning tenders under consideration and the terms of tenders accepted For documents concerning investigations into disciplinary or criminal affairs For documents that concern policy and planning which may negatively affect the interests of staff groups For documents that should not be placed in the public domain under the identified exemption within the Freedom of Information Act 2000 Table i): examples of descriptors for use with protect classifications Policy on the Security Classification of Documents Page: Page 10 of 22

7.3.2 Where protect is used as a classification, it should be written alongside its descriptor as follows: PROTECT: STAFF IN CONFIDENCE. 8. ACCESS TO PROTECTIVELY MARKED DOCUMENTS 8.1 No specific clearance is required to handle protect or restricted materials. However, the provisions of s. 8.2 shall still apply. 8.2 In order to view any protectively marked information, an individual must have: i. a need to know, which means that individuals should only see information that is related to their work; and ii. the appropriate level of security clearance 8.3 If there is a need to discuss protectively marked information outside of the Trust or with an individual who does not have the required level of clearance, permission must be sought from the document author. 8.4 Storage of protectively marked information 8.4.1 Protectively marked information must not be left unattended during working hours when staff are away from their desks and are unable to lock the room. Protectively marked documents must not be taken out of the office unless appropriate security measures are in place. No protectively marked documents should be stored out of the office unless appropriate security containers and security alarms are fitted to the areas. 8.4.2 The type of furniture required to store protectively marked information depends on the level of protective marking. The following are minimum requirements: i. protect and restricted materials can be stored in any lockable furniture ii. confidential and secret materials must be stored in furniture locked with a security (Mersey or butterfly) key or combination lock iii. top secret materials must be stored in furniture locked with a security (Mersey or butterfly) key or combination lock. This furniture must be in a lockable room with only a limited number of people permitted access to the room keys 8.4.3 Top secret and secret documents must be filed in numbered files or containers. It is useful to add a note of the file s contents so that individual files can be readily accessed when needed. 8.4.4 Additionally, clear desk policies should be routinely encouraged throughout the Trust in order to reduce the risk of unintended compromise of information. Policy on the Security Classification of Documents Page: Page 11 of 22

8.5 Security classification of electronic documents 8.5.1 The security classification of electronic documents follows the same principles as that for hardcopy material and electronic documents must be protected in the same way. The majority of IT systems are not accredited to carry material protectively marked above protect or restricted and confirmation should be sought from the IM&T directorate as to the classification of information which may be stored on users systems. 8.5.2 Due to the differences between electronic and hardcopy documents, some additional steps must be taken in order to protect electronic data: i. protectively marked information on computer disc, CD, memory stick or other electronic media must be marked with the security classification of the most highly-classified data stored on the device ii. protectively marked or sensitive information must not be saved on a palmheld computer (PDA) such as an ipaq or Palm iii. if there is a need to take protectively marked electronic documents away from the office, these must be protected in the same way as hardcopy material documents sharing the same classification. 8.5.3 Usual precautions when displaying protectively marked information on a VDU should be taken; these include: i. ensuring that no unauthorised individuals are able to view the document at the same time ii. ensuring full compliance with the requirement to lock workstations when not in use (utilising the ctrl+alt+del button function) iii. ensuring regular amendments to individual log-in passwords, and in particular ensuring that strong passwords are used. Further guidance on the generation of strong passwords, including a password strength check are available at www.microsoft.com/protect/yourself/password/checker.mspx 8.5.4 The Trust has installed suitable encryption software onto all its laptop devices and care should be taken not to store protectively marked information in alternative locations. Policy on the Security Classification of Documents Page: Page 12 of 22

9. SHARING OF PROTECTIVELY MARKED INFORMATION 9.1 Email 9.1.1 There are specific rules for sending protectively marked information by email: i. generally, not protectively marked and most protect material may be transmitted across any internet email system. Where sensitive personal data, especially in aggregate, or material marked protect personal data is being sent via email, this data should be commercially encrypted to FIPS 140 standard. Email accounts which contain a.gsi,gov.uk,.pnn.police.uk or nhs.net suffix meet this standard ii. material up to restricted level may be sent between two system which contain either.gsi.gov.uk or pnn.police.uk in their email address. If only one party has the.gsi, or.pnn suffix then material up to protect level may only be sent, subject to the caveat above in relation to sensitive personal data iii. material up to confidential level may be sent between two systems which contain x.gsi.gov.uk in their email address. If only one party has the x.gsi suffix, and the other has a.gsi, or.pnn suffix, then up to restricted level only may be sent. If only one party has the x.gsi suffix and the other does not have a.gsi suffix then material up to protect level only may be sent. 9.2 Telephone 9.2.1 When dealing with information protectively marked as restricted or above, it should not: i. be discussed over a non-secure telephone line or non-secure mobile telephone, unless it is restricted and the document handler has accepted the risk of doing so ii. be sent over a non-secure fax line (with the same caveat as above for restricted material) iii. be sent to a pager 9.3 Post 9.3.1 A return address should always be included when sending protectively marked information by post. This is due to the fact that all undelivered mail without a return address is opened at a Royal Mail sorting office where staff are not security cleared. The specific procedures for sending protect, restricted and confidential materials by post are: i. protect and restricted materials: address the envelope to an individual by name or job title and mark it addressee only. Do not include the classification on the envelope Policy on the Security Classification of Documents Page: Page 13 of 22

ii. confidential materials: follow the guidelines for restricted materials above. When sending away from the building, the envelope must be marked confidential and placed in a second envelope. Do not include the classification on the outer envelope. 10. DESTRUCTION OF PROTECTIVELY MARKED DOCUMENTS 10.1 Protectively marked documents should be reviewed regularly (at least annually) in order to ascertain whether they are still required. If no longer needed, it should be destroyed using the correct method for its classification and ensuring that no one will be able to put it back together to read it. A record will also be required in the Trust s registry. 10.2 The correct method of destroying the document will depend on its classification. 10.3 Protect and restricted materials should be shredded or placed into a confidential waste sack that is collected by an approved waste collector. This will make it unlikely that anyone will be able to read the information. 10.4 Confidential materials should be torn and placed in a confidential waste sack that is collected by an approved waste collector. 10.5 Secret materials should be shredded by placing the paper into the shredder at right angles to the print. The width of the shredded strips should be no more than 4mm and should not show more than two characters side by side. This will make it highly unlikely that anyone could put the document back together. When destroying secret documents, a record must be retained of the date the document was destroyed and who authorised its destruction. This record must be kept for five years. 10.6 Top secret documents must be destroyed in the same manner as secret documents, except that two people must witness the shredding and sign the registry. Policy on the Security Classification of Documents Page: Page 14 of 22

11. WHICH CLASSIFICATION TO USE 11.1 It is very important that, as an author, care is taken in selecting the appropriate protective marking. Over-marking should be avoided, as this risks bringing the system into disrepute as well as introducing inefficiencies such as unnecessarily limiting access, increasing the costs of security controls required to protect the information and impairing business efficiency. Equally, under-marking should be avoided which may put the asset at risk of accidental or deliberate compromise through inadequate protection. 11.2 The full definitions of each classification, as provided by the Cabinet Office, are as follows: 11.2.1 Top Secret the compromise of this information or material would likely: i. threaten directly the internal stability of the UK or friendly countries ii. lead directly to widespread loss of life iii. cause exceptionally grave damage to the effectiveness or security of UK or allied forces or to the continuing effectiveness of extremely valuable security or intelligence operations iv. cause exceptionally grave damage to relations with friendly governments; or v. cause severe long-term damage to the UK economy 11.2.2 Secret the compromise of this information or material would likely: i. raise international tension ii. damage seriously relations with friendly governments iii. threaten life directly, or seriously prejudice public order, or individual security or liberty iv. cause serious damage to the operational effectiveness or security of UK or allied forces or the continuing effectiveness of highly valuable security or intelligence operations; or v. cause substantial material damage to national finances or economic and commercial interests 11.2.3 Confidential the compromise of this information or material would likely: i. damage diplomatic relations (i.e. cause formal protest or other sanction) to prejudice individual security or liberty ii. cause damage to the operational effectiveness or security of UK or allied forces or the effectiveness of valuable security or intelligence operations iii. work substantially against national finances or economic and commercial interests iv. undermine substantially the financial viability of major organisations v. impede the investigation of or facilitate the commission of serious crime Policy on the Security Classification of Documents Page: Page 15 of 22

vi. vii. impede seriously the development or operation of major government policies; or shut down or otherwise substantially disrupt national operations 11.2.4 Restricted the compromise of this information or material would likely: i. adversely affect diplomatic relations ii. make it more difficult to maintain the operational effectiveness of security of UK or allied forces iii. impede the effective development or operation of government policies iv. undermine the proper management of the public sector and its operations v. cause financial loss or loss of earnings potential to, or facilitate improper gain or advantage for, individuals or companies vi. prejudice the investigation of or facilitate the commission of crime; or vii. disadvantage government in commercial or policy negotiations with others 11.2.5 Protect the compromise of this information or material would likely: i. cause financial loss or loss of earnings potential to, or facilitate improper gain or advantage for, individuals or companies ii. prejudice the investigation of or facilitate the commission of crime iii. disadvantage government in commercial or policy negotiations with others iv. cause substantial distress to individuals v. breach proper undertakings to maintain the confidence of information provided by third parties; or vi. breach statutory restrictions on the disclosure of information Policy on the Security Classification of Documents Page: Page 16 of 22

12. HOW TO APPLY THE PROTECTIVE MARKING TO DOCUMENTS 12.1 For all hardcopy documents, the security classification shall be placed in a central position at the top and bottom of every page. This shall be in arial or calibri font, at a minimum font size of 12 points, and emboldened. Black font should be used throughout the document, however the decision may be taken to utilise red font on the covering page only for documents classified as restricted and above. 12.2 For emails, the security classification will be placed in capital letters at the start of the subject line of the email. For example: PROTECT: update report attached. 12.3 Routine marking of documents as not protectively marked is not required. However, inclusion of such a statement should be considered where there may be a need to positively confirm that application of a classification had been considered and rejected. 13. REFERENCES 13.1 The following references were used in the production of this policy: Cabinet Office Civil Contingencies Secretariat (2008) Security Vetting and Protective Markings: a guide for emergency responders. HMSO: London Cabinet Office (2009) Security Policy Framework [online] Available at: http://www.cabinetoffice.gov.uk/spf/sp2_pmac.aspx [Accessed on 24 July 2009] Centre for the Protection of National Infrastructure (2009) Centre for the Protection of National Infrastructure [online] Available at: http://www.cpni.gov.uk [Accessed on 24 July 2009] Defence Vetting Agency (2009) Defence Vetting Agency [online] Available at: http://www.mod.uk/defenceinternet/aboutdefence/whatwedo/securityand Intelligence/DVA/ [Accessed on 24 July 2009] Microsoft Corporation (2009) Password Checker [online] Available at: http://www.microsoft.com/protect/yourself/password/checker.mspx [Accessed on 24 July 2009] Policy on the Security Classification of Documents Page: Page 17 of 22

Appendix 1: Aide-memoire for management of classified documents PROTECT RESTRICTED CONFIDENTIAL SECRET Marking - Top and bottom of every page - Arial or calibri font - Minimum 12 point bold, in black - Top and bottom of every page - Arial or calibri font - Minimum 12 point bold, in black - Cover page only may have red font As for RESTRICTED As for RESTRICTED Storage In lockable furniture As for PROTECT In lockable furniture secured with a security or combination lock As for CONFIDENTIAL Disposal Shredded or placed in confidential waste sack that is collected by an approved waste collector As for PROTECT Torn, and placed in a confidential waste sack that is collected by an approved waste collector Shredded by placing paper into shredder at right angles to the print. Width of strips no more than 4mm or two characters side by side. Must be documented in registry. Movement via Royal Mail/Courier/ Internal Mail In a sealed envelope, addressed to named individual or job title. Marked addressee only As for PROTECT As for PROTECT, however when sending away from the building envelope to be marked confidential and placed inside a second, sealed envelope with no external classification markings. Return address must be provided on outer envelope AS FOR CONFIDENTIAL Telephone May be used May be used if document handler accepts risk Must not be used Must not be used Policy on the Security Classification of Documents Page: Page 18 of 22

PROTECT RESTRICTED CONFIDENTIAL SECRET Email Commercial email providers or Trust internet may be used. Only between.gsi,.pnn and nhs.net addresses Only between x.gsi addresses Must not be used The protective marking TOP SECRET is unlikely to be utilised within the Trust and therefore if you are required to handle such material you will be briefed separately. Other points to note Consider whether a document still requires a protective marking. If not and the document author agrees, cancel the marking by crossing through it. Send protectively marked papers only to those with a need to know. If you are sending protectively marked information outside your department, tell the recipient what they can do with it, whether it can be shared further, and how it should be handled and stored. Tell them to contact you, as the sender, if they have queries or wish to share the information more widely. If you have an nhs.net account you are able to receive documents that are protectively marked up to restricted. However, the routine forwarding of nhs.net emails to your Trust account would not carry the necessary levels of protection and restricted documents should not be automatically forwarded to Trust accounts. Always clear your desk at night or when leaving your workstation and lock away protectively marked papers and removable computer media Policy on the Security Classification of Documents Page: Page 19 of 22

Appendix 2 Classified Document Register An example of the Classified Document Register (CDR), otherwise referred to as the Trust registry, is provided overleaf. Note should be made, however, of the following points: Serial Document title Number Classification This column will provide unique sequential numbering for all entries This is to be taken from the material and must clearly and uniquely describe the material The unique reference number of the material (e.g. issue number) The protective marking of the material Document date The date marked on the material. If the material is undated that this should be recorded. From Held Signature Disposal Witness signature and The organisation from whom the material has been received. If it is internally produced material then the word internal may be used here By whom or where the material is held. This should refer to a file, a safe or security cabinet or individual. If the material is sent outside the Trust, the receiving organisation should be listed. The person responsible or taking on responsibility for this material will sign here If the material is destroyed, then this fact must be recorded here. The date and method of destruction is to be recorded. Once the material is destroyed, a red line is to be drawn through th CDR entry to signify this fact. The destruction of protectively marked material must be witnessed. Both the witness and person responsible will sign here to testify to the fact of destruction. The CDR is to be a bound book loose leaf records are not permitted. Policy on the Security Classification of Documents Page: Page 20 of 22

NORTH WEST AMBULANCE SERVICE NHS TRUST CLASSIFIED DOCUMENT REGISTER Serial Document title Number Classification Document date From Held Signature Disposal Signature and witness Policy on the Security Classification of Documents Page: Page 21 of 22

This page has intentionally been left blank Policy on the Security Classification of Documents Page: Page 22 of 22