Trinity Church recognises that information is an asset which has a value and in some cases its disposal must be protected. Information classification means categorising information based on its sensitivity and value. This is determined by the adverse impact on individuals and Trinity Church if that information were to be accessed, disclosed, altered or destroyed without authorisation.

Trinity Church has an Information Classification and Handling Policy and Procedure for determining its risk level. That Policy and any classification label on documentation should be used conjunction with this Policy.
The purpose of this document is to direct secure disposal methods.

This policy applies to all Trinity Church information in all its forms.

Trinity Church recognises that without proper disposal methods there is a risk that information may suffer accidental or intentional unauthorised access or disclosure.

Loss or disclosure of certain information could have a significant effect on the reputation of Trinity Church or individuals and may result in financial loss.

Information Disposal & Destruction

Trinity Church classifies and labels information directly related to its value and sensitivity and
the legal requirements

There are 3 classifications that can be applied to Trinity Church information:

1. Confidential
2. Restricted
3. Public

When sending information to third parties there needs to be explicitly agreed disposal procedures, and evidence that the third party is complying with these security requirements.

In principal all required Trinity Documents should be held in an agreed central repository which may be physical or electronic, e,g, on the Website.

When leaving a role individuals should:

• ensure any information they hold is held in a central location
• hand over all relevant information or access details relating to this role to their successor
• dispose of any surplus or duplicate information they are personally storing. E.g. On personal devices.

Public Disposal

Whilst there is no specific requirement for disposal of ‘public’ documents or information it is recommended that old or outdated information is regularly reviewed and removed or updated to ensure accuracy.

Restricted Disposal and Destruction

• Physical copies should be destroyed securely e.g. by shredding.
• Secure destruction of electronic media is recommended for large volumes of data.
• All legal requirement must be fully complied with e.g. Data Protection Act.
• Physical devices such as phones, computers, printer memory cards should be securely wiped or destroyed.

Confidential Disposal and Destruction

• Physical copies must be destroyed securely e.g. by shredding.
• Secure destruction of electronic media is recommended for large volumes of data.
• All legal requirement must be fully complied with e.g. Data Protection Act.
• Physical electronic devices such as phones, computers, printer memory cards must be securely wiped or destroyed.

Anyone holding or storing Trinity Church information is responsible for ensuring adequate disposal methods.

This document will be reviewed and updated as appropriate to changes to the risk environment relating to information security. Changes will be made available.

If you suspect that security or access to your information has been compromised or any of this policy’s requirements have been breached by you or other users, please report it to the Minister or a Trustee.

This procedure is authorised by Trinity Church Trustees.