Confidentiality

How we protect data confidentiality

Content confidentiality

Every organisation manages information with different levels of confidentiality. Depending on the confidentiality of the information, different protection levels apply.

To identify the confidentiality of an asset, we use the following confidentiality ratings:

Rating         Description
public         Everyone in the world can view the content and suggest changes via a Merge Request.
protected      Everyone in the world can view the content and the changes to it, but only a restricted group of people can approve changes.
internal       Only people internal to Balean are allowed to view this content or suggest changes.
confidential   This content is confidential and only visible to a specific group of people. Only this specific group of people can suggest changes and publish them.

Safety measures

For each confidentiality rating, different safety measures apply.

Public information

Information that is public to everyone will be published in this handbook. The handbook is open to everyone in the world, which makes how Balean works open and transparent. Any procedure, process or other information related to Balean can be treated as public if it cannot harm Balean, its team members or any of Balean's partners or customers in any way. Keep in mind that public information can be used for phishing and social engineering attacks, and giving away too much information makes such attempts easier. If you are unsure whether information can be public, treat it as internal instead and ask for internal guidance.

Examples of non-public information include data about people or partner organisations, and specific details inside a process, policy or procedure that could help someone gain access to systems owned by Balean. Think of details like usernames, IP addresses, server names, network details, internal URLs, bank account details, etc.

Anyone can propose changes to public pages by opening a merge request or an issue in the corresponding project. Every handbook page has a link to edit the page. Every change request will be reviewed by a Balean team member before being published in the handbook. Every Balean team member can approve and merge changes to public pages.

Protected information

Protected information is still publicly visible in the handbook but has a more thorough review process. Information is protected when it is strategic to Balean as a whole, or when it concerns processes or procedures that apply to Balean team members. Examples are Balean's values (strategic to Balean as a whole) and the community code of conduct (applies to Balean team members).

Changes to pages that are rated as protected must be reviewed and merged by a designated team within Balean.

Internal information

Information is rated as internal when it would harm Balean in any way if people outside Balean could see it. Examples of internal information are meeting minutes, non-public roadmaps and business plans. Internal information should never be added to the handbook, since the handbook stores information in a public space.

If information is internal, it is typically stored in Balean's Google Drive or in applications that are only accessible to Balean team members. Any new information must be treated as internal unless you are sure that it can be shared with the public.

Confidential information

Information should be treated as confidential when it can be used to identify individual people, organisations, servers, systems or similar. Information must also be treated as confidential when it can be used to harm Balean, individual people or other organisations. Information that is rated as confidential should only be visible to the people with whom it is explicitly shared and who need access to that information to do their job. Access to confidential information must be tracked and reviewed regularly.

Confidential information should never be stored in a public space like the Balean handbook. When it is stored in Google Drive, it must be stored in a location to which specific people have been given access. Confidential information stored in a folder that is shared with a group risks being exposed to more people than intended whenever people are added to that group.

When confidential information is stored in a system other than Google Drive, that system must be reviewed separately. In particular, systems that contain personal data must be reviewed for GDPR compliance.