A classification level is a single tier within your organization’s classification scheme. Each level describes a specific protection requirement and is linked to concrete rules for access, storage, transmission, and disposal. For example, the “Confidential” level requires encrypted transmission and restricted access, while “Public” needs no special protection. In your ISMS, you assign a classification level to each piece of information. The level can change over time — for instance, when a draft contract becomes publicly accessible after signing. Document the criteria for each level so that employees can make the assignment independently.