UnixTime

Research Note

Information Transfer Rules Matrix

Use this to define which transfer methods are approved for each information classification and what controls must be used.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this to define which transfer methods are approved for each information classification and what controls must be used.

Transfer rules

Classification Internal email External email Secure portal/file sharing Messaging apps Removable media Physical/courier Verbal/phone Required controls
Public Allowed Allowed Allowed Allowed Allowed Allowed Allowed Owner approval before publication
Internal Allowed By exception Approved internal tools Approved tools only By exception Controlled Avoid public discussion Recipient check
Confidential Approved channels Secure method only Approved secure portal Restricted Encrypted and approved Tracked transfer Private setting only Encryption, access control, logging
Highly confidential / regulated Restricted By exception with approval Restricted secure portal Prohibited unless approved Strongly restricted Tamper-evident/tracked By exception Formal approval, strong encryption, receipt confirmation

Transfer checklist

  • Information classification confirmed.
  • Recipient identity verified.
  • Transfer channel approved for classification.
  • Encryption or secure portal used where required.
  • External sharing approved where required.
  • Third-party agreement exists where required.
  • Retention and deletion expectations understood.
  • Transfer logged or evidence retained where required.
  • Incident process known if transfer fails or goes to wrong recipient.