REVENUE MEMORANDUM ORDER NO. 30-2023 issued on September 22, 2023 prescribes the revised guidelines for Information Asset Classification.
The Order provides a process and direction for determining the security classification of information assets across all delivery mechanisms, including both online services and physical ‘over-the-counter’ services, and to apply to both electronically and non-electronically stored information. A single guideline for all delivery mechanisms is vital because services and information are increasingly offered on multiple channels.
The revised guideline includes the security classification schema, security classification process (i.e., identification of information assets, owner identification, determination of security classification, limitation of duration of classification, etc.) and security controls.