The beginning of all records classification has to start with grabbing a list of files and data elements (fields for databases and elements for XML lists), grouping them together into a category, and then documenting which of the organization's tasks the records fall under. This worksheet is designed to help the end user do that and a bit more. This document acts as the UCF's Record Category Worksheet description standard for defining how to craft these documents directly from the UCF XML database so that as new, modified, or deleted controls or records are added to the UCF, the output can easily be updated.

The Record Category Worksheet

A sample Record Category Worksheet

The contents of any Record Category Worksheet are as follows:

1. The Record Category Title of the particular document.

2. The Record Category ID. Each Record Category ID is a seven digit number.

3. The Organizational Task (and associated ID) along with the Organizational Function (and associated ID) that the task belongs to.

4. A listing of all of the File or Report examples that are associated with this record category (and their associated IDs).

5. A list of all known Protected Data Elements associated with this record category that have been linked to controls specifically calling out general confidentiality, integrity, availability, or accountability protection measures for data elements.

6. A list of all known Data Elements that fall under Breach Notification rules associated with this record category.

7. A list of all known general Controls associated with this record category.

8. Any special labeling instructions for these types of records. Remember that an information category's Confidentiality, Integrity, and Availability factor is different from the type of labeling that often needs to be applied to records and their containers. The UCF has an entire document posted online (http://netfrontiers.com/ucf-for-users/information-classification/information-control-classifica.html) that covers the differences between the two.

9. The Retention Schedule is also added, defining how long each record type needs to be held before being disposed of, and what should trigger that schedule.

Where does this information come from?

The information in this standard comes from the UCF's XML database. We'll repeat each of the fields here with a descriptor for where the information can be found within the XML specification documents. The Record Categories XML file can be found online HERE.

Information	Method	XML Source Field
Record Category Title	Direct	UCF_Record_Name
Record Category ID	Direct	UCF_Record_ID
Organizational Task	Calculated through the Tasks to Records Join List	UCF_Task_Name and UCF_Task_ID
File Examples	Calculated through the Record Examples List	UCF_RecEx_Name and UCF_RecEx_ID
Protected Data Elements	Calculated through the UCF Record Categories to General Protection Data Fields Join List	UCF_CE_Title and UCF_CE_ID
Data Elements that fall under Breach Notification	Calculated through the UCF Record Categories to Breach Notification Data Fields Join List	UCF_CE_Title and UCF_CE_ID
General controls assigned to the record category	Calculated through the UCF Record Categories to Controls Join List	UCF_CE_Title and UCF_CE_ID
Labeling	Direct	UCF_Record_CIA_Label
Retention Schedule	Direct	UCF_Record_Retention_Event and UCF_Record_Retention_Years