Information can be defined as data which has meaning. It is the meaning of this data which has to be protected, in accordance with its worth to your organisation. This topic looks at ways to categorise your organisation's information.

• Confidential or important information held by your organisation could be lost or destroyed due to staff members treating information inappropriately, resulting in the loss of information which is critical to the business.

• Make an inventory of your information assets and where they are held or stored.
• The inventory should cover the following:

1. Information held on computerised systems including databases, application software, software manuals, software licences, media, development software, operating procedures etc.
2. Physical items such as servers, personal computers, laptops, keyboards, fax machines, photocopiers etc.
3. Associated items such as telephone systems, furniture, air conditioning units, fire extinguishers etc.

• Once items have been identified, classify them according to the level of security required to protect the information that is associated with the item.
• Maintain your organisation's asset inventory in a spreadsheet or database.
• Alternatively consider using a Document Management System for paper based and online information, and a bar-code based database system for hardware items.