UCL Research Data Information Security Management System Data Classification and Environment Tiering Policy
Document Name: RISM06-Data_Classification_and_Tiering_Policy
Classification: Public
Author: Tim Machin
Version: 1.1
Created: 31/01/2025
Last Review: 07/04/2025
Last Reviewed by: Preeti Matharu
Approved by: OMG
Approved date: 12/03/2025
Review Period: 3 Years
1. Document Overview
The following document details the approach to data classification and Environment tiering for research data which falls under the scope of the Research Data ISMS.
In the Research Data ISMS an “Environment” refers to an architecture made up of applications and infrastructure used to store and process data.
This document defines the policy and process through which UCL research data is categorised and assigned to an Environment Tier. Once assigned to a Tier the data will be stored and processed in an Environment of that Tier (or higher).
The purpose of this document is to ensure research data is stored and processed within the most appropriate technical environment.
This document covers:
- Policy Scope
- Related Policies and Documents
- Environment Tiers and Data Classification
- Environment Tier Definitions
- Assigning a Tier to an Environment
- Classification and Tiering Process Map
This document addresses the following requirements in the ISO 27001:2022 standard:
- Clause 6.1
1.1. Conventions used in this Document
Term | Definition |
---|---|
Shall | A mandatory requirement of this policy |
Should | A recommended requirement of this policy |
May | An optional requirement of this policy |
2. Policy Scope
This policy applies to any data within the scope of the Research Data ISMS. Data must be classified and assigned a tier to be brought within scope. Data assigned a Trusted Research Environment Tier are in scope of the ISO 27001 certification (as defined in RISM01-Scope). Data stored in unclassified environments are therefore outside of the scope of the Research Data ISMS.
This policy uses the standard UCL Data Classification process outlined in the Information Management Policy. Assigning classified data to an appropriate technical Environment Tier augments the Confidentiality attribute. Integrity and Availability are not affected.
3. Related Policies and Documents
UCL Information Management Policy
UCL Likelihood and Impact Ratings
4. Environment Tiers and Data Classification
UCL Confidentiality Classification | Environment Tier | Trusted Research Environment | ISO 27001 certified |
---|---|---|---|
Highly Confidential | Tier 4 | Yes | Yes |
Highly Confidential | Tier 3 | Yes | Yes |
Highly Confidential | Tier 2 | No | No |
Confidential | Tier 1 | No | No |
Public | Tier 0 | No | No |
The UCL Research Data ISMS uses 5 Tiers to describe the suitability of technical Environments to handle confidential data. Tier 3 and 4 Environments are classified as “Trusted Research Environments” and are in scope of the ISO 27001 certification. Tier 2 Environments are capable of handling highly confidential data only where there is high confidence in the effectiveness of pseudonymisation and no contractual requirement mandates a Trusted Research Environment.
Tier 1 Environments can handle confidential data. Tier 0 Environments can handle public data.
4.1. Data Classification and Tiering Process
Research data shall be classified as part of the study creation process. The procedure is mapped in Section 7 - Data Classification and Tiering Process Map. The Information Asset Owner is accountable for ensuring that data is appropriately classified, taking into account any legal, regulatory or contractual restrictions.
4.2. Safe Data
Data can be pseudonymised or otherwise made “Safe” (see the 5 Safes Framework) and then re-classified, at which point it may be considered safe to be stored in a lower tier environment. The Information Asset Owner shall be accountable and research teams shall be responsible for safe data as described in the shared responsibility model.
4.3 Safe Outputs
The process of egressing research outputs from a Trusted Research Environment shall be undertaken by the research team. The Information Asset Owner shall be accountable and research teams shall be responsible for “Safe Outputs” (see 5 Safes Framework) as described in the shared responsibility model.
4.4 Research Data Labelling
All data shall be labelled once classified, indicating Confidentiality, Integrity, and Availability (CIA), along with the appropriate Environment Tier required for storage and processing. These metadata shall be maintained and kept accurate.
5. Environment Tier Definition
5.1 Tier 4
UCL Classification | Highly Confidential |
Inside ISO27001 Certification Scope | Yes |
Trusted Research Environment | Yes |
Tier 4 Environments shall be used to process highly confidential data where:
- There is a contract or agreement in place stating the data must be processed within a Trusted Research Environment or with equivalent controls,
And/or
- Disclosure would result in an impact rating of 4 or 5,
And/or
- Data is sensitive personal that is either directly identifiable or where there is low confidence in the quality of pseudonymisation,
And
- The data are likely to be targeted by sophisticated, well-resourced, and determined actors, such as serious organised crime groups and state actors.
5.2 Tier 3
UCL Classification | Highly Confidential |
Inside ISO27001 Certification Scope | Yes |
Trusted Research Environment | Yes |
Tier 3 Environments should be used to process highly confidential data where:
- Disclosure would result in an impact rating of 4 or 5,
And/or
- Data is sensitive personal that is either directly identifiable or where there is low confidence in the quality of pseudonymisation,
And/or
- There is a contract or agreement in place stating the data must be processed within a Trusted Research Environment or with equivalent controls,
And
- The data are unlikely to be targeted by sophisticated, well-resourced, and determined actors, such as serious organised crime groups and state actors.
5.3 Tier 2
UCL Classification | Highly Confidential |
Inside ISO27001 Certification Scope | No |
Trusted Research Environment | No |
Tier 2 Environments should be used to process highly confidential data where:
- Disclosure would result in an impact rating of 4 or 5,
And/or
- Data is sensitive personal
And
- Personal data has been assessed as not directly identifiable and there is high confidence in the quality of any pseudonymisation,
And
- The controls in place are in line with any legal, regulatory or contractual requirements associated with the data.
5.4 Tier 1
UCL Classification | Confidential |
Inside ISO27001 Certification Scope | No |
Trusted Research Environment | No |
Tier 1 Environments should be used to process confidential data where:
- Disclosure would result in an impact rating of 3,
and
- Data is not sensitive personal
5.6 Tier 0
UCL Classification | Public |
Inside ISO27001 Certification Scope | No |
Trusted Research Environment | No |
Data is public.
6. Assigning a Tier to an Environment
Each of the ISMS’s constituent Environments shall be specified in an Environment Definition document. This document shall include:
- The tier of confidentiality, integrity and availability it supports
- The boundaries of the environment
- The details of security controls implemented within the environment
Environment Definitions shall cover all relevant sections of the Environment Definition Template and shall be retained and controlled as documented information.