# Examples of measures for different TLP classifications

*Voor Nederlands, zie [hier](Voorbeelden%20van%20maatregelen%20bij%20verschillende%20TLP%20classificaties.md).*

**TLP: CLEAR**

- No measures
- No restriction on the use of AI tools
- Documents are labeled with TLP:CLEAR

**TLP: GREEN**

- Access limited to[^1]:
  - the organization itself
  - authorized external parties
  - using MFA (Multi-Factor Authentication)
- SharePoint/Teams/OneDrive:
  - placement in folders that are broadly accessible internally is allowed
  - sharing only with authorized external parties
  - placement on your personal OneDrive is allowed
- Cloud services and collaboration tools:
  - only use solutions approved/managed by the organization
- Emailing and sending:
  - additional measures are not necessary (such as encrypted email or secure connections)
- Use of Co-pilot is allowed
- Devices and locations:
  - storage and access only via managed devices
  - do not leave devices unattended
  - printing only on approved/secure printers
  - physical documents should only be kept in approved locations
- Documents are labeled with TLP:GREEN

**TLP: AMBER (+STRICT)**

*All measures/restrictions of TLP:GREEN apply, plus:*

- Access limited to:
  - specific teams and departments within the organization
  - specific authorized persons from external parties, under a signed NDA (Non-Disclosure Agreement)
- SharePoint/Teams/OneDrive:
  - only place in folders that have limited internal access
  - only specific external persons may be granted access
  - placement on your personal OneDrive is _not_ allowed
- Cloud services and collaboration tools:
  - only use solutions managed by the organization (specify)
  - only use services with strict security (such as DigiD or Bank-tokens)
- Emailing and sending:
  - only via secure connections, in encrypted form, or via a 'secure mailing' solution (such as Zivver)
  - data transfer is monitored for abnormal patterns
- Use of Co-pilot is _not_ allowed
- Documents are labeled with TLP:AMBER

**TLP: RED**

*All measures/restrictions of TLP:AMBER apply, plus:*

- Access limited to:
  - specific persons within the organization
- SharePoint/Teams/OneDrive:
  - only place in folders accessible to specific employees
  - external persons may _not_ be granted access
  - placement on your personal OneDrive is _not_ allowed
- Full monitoring of data transfer: control and logging of all data traffic
- Cloud services and collaboration tools:
  - usage is limited to ...
- Emailing and sending:
  - Not allowed
- Full and detailed logging of all activities
- Devices and locations:
  - no access with mobile phones
  - printing not allowed
  - physical documents are kept in locked locations with restricted access (specify)
- Documents are labeled with TLP:RED

[^1]: Controls [[ISO_27002_2022_NL_BT_5.19 Information security in supplier relationships|5.19]], [[ISO_27002_2022_NL_BT 6.6 Confidentiality or non-disclosure agreements|6.6]], [[ISO_27002_2022_NL_BT 7.2 Physical access security |7.2]]