Profitability of organizations is ultimately dependent on the effectiv
eness with which they exchange, gather, process, retrieve, link, contr
ol, share, manage and, above all, protect their data and information.
All these processes, however, require that the right information be ma
de available to the right person or persons at the right place and at
the right time. Costly lessons learnt with regard to information secur
ity controls introduced over the past number of years made it abundant
ly clear that it was vital, especially in a commercial environment, ci
rcumspectly and discreetly to apply counter-measures for the protectio
n of information. A widely used mechanism with which to determine appr
opriate and effective countermeasures for the protection of informatio
n is to classify the said information. Most modern organizations class
ify their transaction-based data, for example(3), that information gen
erated by orders and invoices, for the purposes of access control. The
question that arises, however, is this: How many organizations classi
fy their written communication, i.e. that contained in documents? All
the information contained in documents represents the transaction-base
d data of an organization, and has a far more critical impact on its p
rofitability than any other security factor. This paper has as its obj
ect the laying down of guidelines for the security classification of s
uch documents. Documents are, by definition, mostly used as vehicles f
or the exchange of information not only within, but also between and a
mong organizations. Important fundamentals on which this paper is base
d are as follows: the security requirements of specific categories of
documents, the various processing stages of documents, such as draft a
nd final, and the contents and structure of documents. In addition, th
e concept of information capability will be introduced. (The term ''in
formation capability'' imports the ''amount'' of information added to
the data already contained in a document by means of the structural pr
operties of that document.) The model that will be devised on the stre
ngth of this paper will promote the consistent classification of docum
ents and is intended for integration with commercial software products
that command document processing capabilities, for example, document
management systems and groupware.