Information security and test artefacts

How are you guys out there and the companies you work for approach information security in relation to the documentation that is produced during test? Are your test scripts and bug reports considered sensitive information and do you have information security processes and controls in place to protect this information?
I assume most, for different reasons, make sure that this information does not spread outside the Company, but how about within?