Protectively and Sensitively Marked Documents - a User Guide
What is protective marking?
Protective marking e.g. RESTRICTED is used as a means of protecting information from unauthorized disclosure.
The use of protective markings is defined and explained in JSP 440, a copy of which is held in the Library Reports Section.
What is sensitivity marking?
Also known as ‘special markings', or ‘caveats' or ‘descriptors', sensitivity markings such as COMMERCIAL or MANAGEMENT provide extra information to enable the ‘need to know' principle to be applied effectively.
If it is considered that a thesis should carry a sensitivity marking then it will automatically become a protectively marked document also e.g.
RESTRICTED-COMMERCIAL or RESTRICTED-MANAGEMENT
What is the ‘Need to Know' principle?
The Security manual defines this as follows:
‘The essence of the principle is that no more protectively marked information should be given to any person than is absolutely necessary for him to carry out his task. Security clearance does not carry with it an automatic right of access to protectively marked material, neither is it a 'status symbol' to be associated with rank or position.
This over-riding principle must always be applied when considering the passing of information to another person.'
Does your work need protection?
The author in consultation with his/her supervisor and any sponsors must decide this, however the author should also consider:
1. Any direct quotation of sensitive information will influence the need to apply an appropriate marking e.g. commercial statistics or interview material.
2. The thesis will be held in a library environment and therefore it will be made available to a variety of users unless an appropriate marking is used to control access. Any sponsors should be advised of this at an early stage because without an appropriate marking, the thesis will be considered unclassified and available to any library user.
3. Is it really necessary to quote sensitive information in the thesis? Could your work be as effective without it?
4. If the thesis must contain sensitive information, could the identity of the source be hidden e.g. by referring to ‘company X' or ‘organisation Y'? If this option is chosen, the author should also be careful about using names in any questionnaires, acknowledgements, interviews, distribution lists and bibliographies elsewhere in the thesis.
5. Could the sensitive information be separated from the main text or methodology in a separate annex, which can be held separately under an appropriate marking?
Don't be tempted to apply a protective marking ‘to be on the safe side'. If you aren't sure about the sensitivity of information in your thesis you can seek advice from your supervisor, the Library Reports Section or the Security Officer.
How you can help the Library Reports Section manage your thesis effectively:
Your thesis will be a useful resource not only for your successors, but also for students on other courses or undertaking similar research and possibly also for outside users. Library Reports Section staff manage access to theses and try to make as much information as possible available to users, whilst still respecting any protective markings you may apply.
To help us to do this we have created a document release form, to be completed by the author and included in the final dissertation. It asks you to consider how long the information is likely to remain sensitive and for points of contact where we can seek further guidance on release.
The document release form is available from the Library Reports Section. Tel: 01793 785486.