<!-- classification: PUBLIC -->

# Document Classification Policy


**AI Leadership Academy 2026**
Last updated: April 2026 | Owner: Ronald Ng, Core Technology HK

---

## 1. Purpose

This policy defines four information sensitivity levels used across all academy materials. Classification ensures the right content reaches the right audience — protecting operational details, faculty resources, and proprietary course IP while keeping public-facing materials open for marketing and enrolment.

---

## 2. Classification Levels

### 🟢 PUBLIC

**Who can access:** Anyone, no authentication required.

**What it contains:** Marketing materials, programme overview, general description of learning outcomes, faculty bios, enrolment information. Content at this level is designed for search engines, social media sharing, and prospective student discovery.

**Hosting:** Root Cloudflare Pages URL (`https://academy-program-development-2026.pages.dev`) — no gating.

**Examples:**
- `README.md`
- `PROGRAMME_OVERVIEW.md`
- `CLOUDFLARE_SETUP.md`

---

### 🔵 CONFIDENTIAL

**Who can access:** Enrolled and accepted students only. Authentication via Cloudflare Access (email OTP or Google SSO for enrolled cohort).

**What it contains:** Full session content, module handouts, HK use-case briefs, glossary, technology setup guides, competency matrices, and all track materials (Core, Organisational, Individual, Technical). This is the primary learning content students interact with throughout their programme.

**Hosting:** `/portal/` — gated behind Cloudflare Access policy `enrolled-students`.

**Examples:**
- All `core/C*.md` files
- All `tracks/organisational/O*.md`, `tracks/individual/I*.md`, `tracks/technical/T*.md`
- `shared/participant-pre-read.md`, `shared/glossary.md`, `shared/hk-apis-reference.md`
- `shared/technology-stack.md`, `shared/competency-matrix.md`
- All `01-session-*/README.md`, `02-session-*/README.md`, `03-session-*/README.md`
- All `examples/uc*/README.md`
- `platform/windows/setup.md`
- `requirements.txt`

---

### 🟠 INTERNAL

**Who can access:** Faculty and programme coordinators only. Authentication via Cloudflare Access (individual faculty email allowlist).

**What it contains:** Facilitator guides, exercise answer keys, budget sheets, pre-event operations checklists, co-facilitator briefings, API registration workflows, market research, and skill development frameworks. This content supports programme delivery and must not be shared with students.

**Hosting:** `/faculty/` — gated behind Cloudflare Access policy `faculty-only`.

**Examples:**
- `FACILITATOR_RUNBOOK.md`
- `shared/pre-event-checklist.md`
- `shared/co-facilitator-guide.md`
- `shared/api-registration-guide.md`
- `shared/assumptions-dependencies.md`
- `shared/budget-tvp.md`
- `shared/market-research.md`
- `docs/skill-development-guide.md`
- All `*/facilitator-guide.md`
- All `*/exercises/*.md`
- `platform/mac/setup.md`

---

### 🔴 RESTRICTED

**Who can access:** Programme Director (Ronald Ng) only. Not published to any web portal.

**What it contains:** Faculty compensation terms, partnership agreements, institutional endorsement negotiations, individual student performance data, and legally sensitive commercial information.

**Hosting:** Offline / local only. Never committed to the public repository.

**Examples:**
- Faculty contract drafts
- Partnership MOU drafts
- Individual student assessment records

---

## 3. How Classification Is Applied

Every Markdown document in this repository contains an HTML comment on the first or second line declaring its classification level:

```html
<!-- classification: PUBLIC -->
<!-- classification: CONFIDENTIAL -->
<!-- classification: INTERNAL -->
<!-- classification: RESTRICTED -->
```

This comment is machine-readable and is used by the Docsify badge plugin to render a coloured indicator at the top of each page in the portal.

---

## 4. Classification Badge Colours

| Level | Colour | Badge |
|---|---|---|
| PUBLIC | Green `#16a34a` | 🟢 PUBLIC |
| CONFIDENTIAL | Blue `#1d4ed8` | 🔵 CONFIDENTIAL |
| INTERNAL | Amber `#d97706` | 🟠 INTERNAL |
| RESTRICTED | Red `#dc2626` | 🔴 RESTRICTED |

---

## 5. Access Control Architecture

```
https://academy-program-development-2026.pages.dev/
│
├── /                    ← PUBLIC — No auth, marketing landing page
├── /portal/*            ← CONFIDENTIAL — Cloudflare Access: enrolled-students
└── /faculty/*           ← INTERNAL — Cloudflare Access: faculty-only
```

All Cloudflare Access policies are defined in `CLOUDFLARE_ACCESS.md`.

---

## 6. Review & Reclassification

- Classification should be reviewed at each cohort intake (minimum annually).
- Reclassification requires approval from the Programme Director.
- Any document marked RESTRICTED must never be added to the Git repository.
- If in doubt, classify higher (more restrictive) and reclassify down after review.

---

## 7. Contacts

| Role | Name | Responsibility |
|---|---|---|
| Programme Director | Ronald Ng | Policy owner, RESTRICTED custodian |
| Faculty Coordinator | Ronald Ng | INTERNAL access list management |
| Enrolment | TBC | CONFIDENTIAL access provisioning |