Using our systems and keeping our information safe toolbox
Toolbox
Our policies, procedures and other resources
Group policies are available on our website and can be viewed here.
These policies and supporting procedures form the Serco Management System (SMS). The SMS sets out for each policy area requirements by role so you can understand what is expected of you. It also provides supporting procedures and related documents.
Access to these documents is for Serco colleagues only and you will need to log into myserco to access them. If you have problems accessing them, please request a copy from your manager.
You can access the following here:
- Group Policy Statement
  - Security & IT
- Function policy
  - Acceptable Use of Information Systems Including Social Media
  - Information Technology
  - Use of Artificial Intelligence (AI)
- Procedure
  - Incident Reporting
- Guidance
  - Homeworking and Security
  - Group Security Controls Manual
Definitions
Includes hardware, software and all data that is processed using them.
All IT and communication systems, equipment and media used by Serco employees to perform their duties and/or publish any information relating to Serco. This includes the internet, intranet, social media, email, messaging and telephones.
Refers to websites and apps that let users create and share content and participate in social networking.
It includes well known sites like Facebook, YouTube, Flickr, LinkedIn, Twitter, Instagram and Snapchat, as well as blogs, wikis, newsgroups, emails, texts - and any other means through which you can digitally post text or images to someone else.
There are many kinds of confidential information, including:
- information about finances, business plans or practices
- marketing plans
- pricing policies
- specifications
- systems
- relationships
- costs
- business strategies
- information about employees, customers, partners or third-parties
- agreements
- intellectual property such as technical information, innovations, improvements, know-how and trade-secrets
Classifying our documents and emails, based on the information they contain, is a vital part of information security at Serco. It helps to ensure every piece of information is stored, handled and shared in the right places with the right people.
We need to understand the different classifications and select the right one for every document and email we create or change. This is particularly important where a document or email contains personal information, commercially sensitive, legally privileged or confidential information or trade secrets. It is our responsibility to know and understand the policy and guidelines for Information Privacy Classification.
Serco Restricted and Sensitive (SRS)
We classify the information we hold so we know how to keep it safe.
SRS information is our most valuable information, which, in the wrong hands, could cause serious damage to us, our customers, shareholders, partners or suppliers through serious loss of reputation; significant financial loss; loss of opportunity; or legal action.
This information may belong to the Company, customers, or third-parties. Access to SRS information must be restricted on a need-to-know basis, with only authorised Serco employees, or specified authorised external persons or entities, being granted access. Encryption and controls over the distribution outside of Serco must be in place for all SRS information.
Serco Business (SB)
SB information is information which, if disclosed without authorisation, may cause unwanted exposure of the inner workings of the company, but would not result in significant financial loss or serious harm to the company or its business interests. In essence, it is any information that is not generally made available to the public unless approved for release.
This information is generally available within our offices, systems or intranet and all company employees and affiliate employees are permitted to have general access to this kind of information.
This information must not be shared beyond the company premises unless with approval for formal business engagement.
Public
Some information is made public. Serco uses this classification to indicate that the processes required to release the information must always be followed after marking the information as ‘Public’ and before publishing on the internet. We must follow the local approval processes when classifying any information as Public, as only certain individuals are authorised to assess whether information is suitable for full public disclosure.
If you're a manager
- It’s important that everyone on your team understands and follows the requirements for keeping our systems and information safe. This includes the use of social media. If someone fails to do this either deliberately or by accident, be sure to act as soon as you know about it.
- Ensure that data protection/privacy and information and data management responsibilities are clearly defined and appropriate controls are in place.
- Provide assurance that these requirements are being implemented effectively.
- Make sure data handlers and data owners - particularly anyone handling personal data - have had the appropriate training so they understand local processes, roles and responsibilities. Keep a record of this training.
- Ensure all records and documentation (including contractual documentation) are held in a safe and secure manner and in accordance with our document management and data retention requirements.
- If you’re not sure about any aspect of data and information retention or security, always ask your information security lead for advice and guidance.
- Make sure any incidents, breaches and suspected breaches - particularly those concerning any loss of personal data - are managed in accordance with Incident and Fraud Reporting and Management procedures. They must be reported into Assure within defined timescales and categorised according to Serco’s marking rules.
- Communicate the requirements of the Acceptable Use policy, standards, procedures and key controls. Make sure they’re understood, and that acceptable use risks are being effectively managed.