EBRD Information Classification (IC)

The EBRD recognises the importance of the information that it handles, including information that it receives from and sends to its clients, partners and suppliers.

It also recognises the need to prevent the unauthorised disclosure of sensitive information both inside and outside the Bank.

We have therefore launched a new Information Classification (IC) Scheme.

You may receive a document or email from the Bank with one of the classifications below on it (e.g. in a document header/footer or an email subject line). This guide explains what they mean and how the Bank would like information handled.

Classification

Principles

PUBLIC

or [PUB]

Information which can be seen by anyone inside or outside the Bank.

Unauthorised disclosure of this information would not have any impact on the operation or reputation of the Bank or the clients of the Bank.

OFFICIAL USE

or [OU]

Information which is used for the day-to-day operation of the Bank and can be seen by any employee, officer and contractor or consultant approved by the Bank (including authorised external parties).

Unauthorised disclosure of this information would have a minor impact on the operation or reputation of the Bank.

RESTRICTED

or [RES]

Information which is used for the day-to-day operation of the Bank but access to which is restricted to Teams, Units or Departments on a ‘need-to-know’ basis (including authorised external parties).

Unauthorised disclosure of this information could have a significant impact on the operation or reputation of the Bank.

HIGHLY RESTRICTED

or [HRES]

Information which is only shared on a strict ‘need-to-know’ basis and should not be accessible to personnel (either inside or outside the Bank) who have not been explicitly authorised to see or use the information.

Unauthorised disclosure of this information could have a severe impact on the operation or reputation of the Bank and/or a client of the Bank.

 
We would encourage you to protect the information which you receive from the Bank according to the criteria above. The Bank is not mandating specific controls on you but would encourage you to apply these basic principles when sending or handling Bank information. The Bank has also introduced the Switch service for secure mail whereby any emails which are classified as HIGHLY RESTRICTED will be automatically sent to external recipients in a secure manner.
 

Sharing of Bank/client information should be restricted to authorised individuals.

Information should not be accessible to or shared with those who have not been authorised to see or use it.

If you have any questions on IC at EBRD please contact us via IS@ebrd.com and we will be happy to answer your questions.