A domain name registrar must determine a set of information material classification criteria that is appropriate for its own operations. The classification of the material may be, for example, as follows:
Furthermore, a registrar must determine how it processes (protects) the materials belonging to the different classes.
The classification and the related processing guidelines must be documented. The classification and its documentation must include the following:
- general principles in assessing the security class and confidentiality of information material and in keeping the material secret
- the rights to process and alter the materials and the distribution of the rights to access and alter the information material
- determination of the confidentiality class
- publicity of data or a document, including the right to speak publicly of the matter concerned
- document properties: paper, watermark and other marks
- storage and encryption
- printing and copying
- backup copies
- sending and receiving, distributing and moving
- documentation of the processing of the data and the document
- document archiving, processing or the termination of processing rights
- destruction of data and the document.