Platform data classification

🌐 This document is available in both English and Ukrainian. Use the language toggle in the top right corner to switch between versions.

1. Confidentiality, integrity, and information availability levels

Security attributes	High	Medium	Low
Confidentiality is the property that ensures the information is not provided or disclosed to third parties, organizations, or processes. It includes the following metrics: Reputational consequences. Financial consequences. The impact scale according to the number of information processes involved.	Unauthorized disclosure of information will have a significant or catastrophically negative impact on the operations of the organization, its assets, or people.	Unauthorized disclosure of information will have a significant negative impact on the operations of the organization, its assets, or people.	Unauthorized disclosure of information will have a limited negative impact on the operations of the organization, its assets, or people.
Integrity refers to maintaining and ensuring the accuracy and completeness of data throughout its lifecycle. Integrity is about ensuring that data has not been tampered with or destroyed and, therefore, can be trusted. It includes the following metrics: Reputational consequences. Financial consequences. The impact scale according to the number of information processes involved.	Unauthorized modification or destruction of information will have a significant or catastrophically negative impact on the operations of the organization, its assets, or people.	Unauthorized modification or destruction of information will have a significant negative impact on the operations of the organization, its assets, or people.	Unauthorized modification or destruction of information will have a limited negative impact on the operations of the organization, its assets, or people.
Availability refers to the provision of timely and guaranteed access to information and its use. It includes the following metrics: Maximum tolerable downtime per month. Maximum tolerable downtime per incident.	Violation of access to or use of information or an information system will have a significant or catastrophically negative impact on the operations of the organization, its assets, or people.	Violation of access to or use of information or an information system will have a significant negative impact on the operations of the organization, its assets, or people.	Violation of access to or use of information or an information system will have a limited negative impact on the operations of the organization, its assets, or people.

Security attributes

High

Medium

Low

Confidentiality is the property that ensures the information is not provided or disclosed to third parties, organizations, or processes.

It includes the following metrics:

Reputational consequences.
Financial consequences.
The impact scale according to the number of information processes involved.

Unauthorized disclosure of information will have a significant or catastrophically negative impact on the operations of the organization, its assets, or people.

Unauthorized disclosure of information will have a significant negative impact on the operations of the organization, its assets, or people.

Unauthorized disclosure of information will have a limited negative impact on the operations of the organization, its assets, or people.

Integrity refers to maintaining and ensuring the accuracy and completeness of data throughout its lifecycle. Integrity is about ensuring that data has not been tampered with or destroyed and, therefore, can be trusted.

It includes the following metrics:

Reputational consequences.
Financial consequences.
The impact scale according to the number of information processes involved.

Unauthorized modification or destruction of information will have a significant or catastrophically negative impact on the operations of the organization, its assets, or people.

Unauthorized modification or destruction of information will have a significant negative impact on the operations of the organization, its assets, or people.

Unauthorized modification or destruction of information will have a limited negative impact on the operations of the organization, its assets, or people.

Availability refers to the provision of timely and guaranteed access to information and its use.

It includes the following metrics:

Maximum tolerable downtime per month.
Maximum tolerable downtime per incident.

Violation of access to or use of information or an information system will have a significant or catastrophically negative impact on the operations of the organization, its assets, or people.

Violation of access to or use of information or an information system will have a significant negative impact on the operations of the organization, its assets, or people.

Violation of access to or use of information or an information system will have a limited negative impact on the operations of the organization, its assets, or people.

2. General data classification

Classification level	Description	Confidentiality	Integrity	Availability
Open information	Information that can be freely distributed in public.	Absent	Medium	High
Official information that constitutes a state or other legally mandated secret	Information for which the loss, forgery, blocking, processing distortion, or violation of the established routing process can lead to undesirable consequences for the project’s operation and reputation.	High	High	Medium
Confidential information	Information for which the loss, forgery, blocking, processing distortion, or violation of the established routing process can lead to significant negative consequences, such as causing harm to a person, society, and the state. This includes personal data, which is information or a set of data about a natural person that identifies or can be used to identify them.	High	High	High

Classification level

Description

Confidentiality

Integrity

Availability

Open information

Information that can be freely distributed in public.

Absent

Medium

High

Official information that constitutes a state or other legally mandated secret

Information for which the loss, forgery, blocking, processing distortion, or violation of the established routing process can lead to undesirable consequences for the project’s operation and reputation.

High

Medium

Confidential information

Information for which the loss, forgery, blocking, processing distortion, or violation of the established routing process can lead to significant negative consequences, such as causing harm to a person, society, and the state.

This includes personal data, which is information or a set of data about a natural person that identifies or can be used to identify them.

High

3. Data categories

Data category	Description	Data
User authentication data	Any user data used in the authentication process.	User IDs JWT tokens OTP codes used to confirm the communication channel with the user Sessions
Administrator authentication data	Any administrator data used in the authentication process.	IDs JWT tokens Sessions
Service authentication data	Any technical account data used in the authentication process.	User IDs JWT tokens API tokens
Registry data	A set of data from the registry that was created as a result of specific operations and circulates in the system. All data that belongs to the user and is processed by the Platform.	Dashboard data Registry records Geodata Excerpts Documents and files Business process data Personal data
Business process metadata	Any information about a business process.	Name Status Internal technical data Model Available services
Registry technical data	Data on the implementation, configuration, and operation of the Platform.	UI form schemas Excerpt templates External scripts for UI forms Traffic routing to the API services of the registry administrative zone subsystems Rate limits settings and control Data model Regulations
Historical data	Data on the changes to the Platform components and processes.	History of user tasks Business process execution history Services initiated by a specific user
Platform public documentation	Documentation about the Platform that is published publicly.	Documentation
System performance data	Monitoring, tracing, and logging data.	Metrics Audit event logs Event logs Tracing data
Cryptographic data	Data related to cryptographic operations.	Traffic encryption certificates Data encryption/decryption keys
Digital signatures	Data used in the process of signing or verifying the data signature on the Platform.	Registry system signature (digital seal) User digital signature
Test data	Data used exclusively for system testing and containing no real information.	Test dataset
Sensitive settings	Settings that affect the performance of the Platform and may contain sensitive information.	Global settings User preferences System settings

Data category

Description

Data

User authentication data

Any user data used in the authentication process.

User IDs
JWT tokens
OTP codes used to confirm the communication channel with the user
Sessions

Administrator authentication data

Any administrator data used in the authentication process.

IDs
JWT tokens
Sessions

Service authentication data

Any technical account data used in the authentication process.

User IDs
JWT tokens
API tokens

Registry data

A set of data from the registry that was created as a result of specific operations and circulates in the system. All data that belongs to the user and is processed by the Platform.

Dashboard data
Registry records
Geodata
Excerpts
Documents and files
Business process data
Personal data

Business process metadata

Any information about a business process.

Name
Status
Internal technical data
Model
Available services

Registry technical data

Data on the implementation, configuration, and operation of the Platform.

UI form schemas
Excerpt templates
External scripts for UI forms
Traffic routing to the API services of the registry administrative zone subsystems
Rate limits settings and control
Data model
Regulations

Historical data

Data on the changes to the Platform components and processes.

History of user tasks
Business process execution history
Services initiated by a specific user

Platform public documentation

Documentation about the Platform that is published publicly.

Documentation

System performance data

Monitoring, tracing, and logging data.

Metrics
Audit event logs
Event logs
Tracing data

Cryptographic data

Data related to cryptographic operations.

Traffic encryption certificates
Data encryption/decryption keys

Digital signatures

Data used in the process of signing or verifying the data signature on the Platform.

Registry system signature (digital seal)
User digital signature

Test data

Data used exclusively for system testing and containing no real information.

Test dataset

Sensitive settings

Settings that affect the performance of the Platform and may contain sensitive information.

Global settings
User preferences
System settings

4. Platform data

4.1. Registry operational zone

Subsystem	Data	System components	Classification level
User portals subsystem	User authentication data User digital signature User preferences Registry data Dashboard data	Components that process data	Confidential information
External traffic management subsystem	System settings User authentication data	Components that process data	Service information
Business process management subsystem	User digital signature Registry data Business process metadata Historical data	Components that process data	Confidential information
Registry data management subsystem	User digital signature Registry data User authentication data	Components that process data	Confidential information
Registry analytical reporting subsystem	Registry data User authentication data	Components that process data	Confidential information
External integrations subsystem	Registry data Service authentication data	Components that process data	Confidential information
External API simulation subsystem	Test dataset	Components that process data	Service information
Registry excerpt generation subsystem	Registry data Registry system signature (digital seal)	Components that process data	Confidential information
User notification subsystem	Registry data Business process metadata	Components that process data	Confidential information
Geodata management subsystem	Registry data System settings	Components that process data	Confidential information
Registry audit events logging subsystem	Audit event logs User authentication data	Components that process data	Service information
User settings management subsystem	Registry data User authentication data	Components that process data	Confidential information
Digital signatures subsystem	User digital signature Registry system signature (digital seal) Registry data	Components that process data	Confidential information
Secrets and encryption management subsystem	Data encryption/decryption keys Service authentication data	Components that process data	Service information
Asynchronous messaging subsystem	Registry data Business process metadata	Components that process data	Confidential information
Relational database management subsystem	Registry data Audit event logs Global settings User preferences Business process metadata	Components that process data	Confidential information
Non-relational database management subsystem	User authentication data Registry data Registry technical data	Components that process data	Confidential information

Subsystem

Data

System components

Classification level

User portals subsystem

User authentication data
User digital signature
User preferences
Registry data
Dashboard data