Data classification is the process of analyzing structured or unstructured data and organizing it into categories based on file type, contents, and other metadata. Data classification helps organizations answer important questions about their data that inform how they mitigate risk and manage data governance policies.
The definition of classifying is categorizing something or someone into a certain group or system based on certain characteristics. An example of classifying is assigning plants or animals into a kingdom and species. An example of classifying is designating some papers as “Secret” or “Confidential.”
Data classification is the process of organizing data into categories that make it easy to retrieve, sort and store for future use. A well-planned data classification system makes essential data easy to find and retrieve. This can be of particular importance for risk management, legal discovery and compliance.
This is data that does not require a classification at all and has no level of sensitivity around it. An example might be advertising literature provided by a supplier; contact information for local services; etc.
Physical Documentation Format: Non specific
Electronic Documentation Format: Non specific
General data and information are items that are not considered sensitive or business critical in any way, yet still need to be maintained in an environment with controlled access.
Within an office environment this data should be filed into filing cabinets using a Buff Coloured File. Electronically this information may be maintained on a shared drive where access requires user account passwords.
Physical Documentation Format: Buff Files
Electronic Documentation Format: Password user account access
Sensitive Data is information that must be controlled outside of a secure environment and returned to a secure environment when not in use. Sensitive data is the classified information that must be protected and is inaccessible to outside parties unless specifically granted permission. The data can be in physical or electronic form, but either way, sensitive data is regarded as private information or data. Physical storage is by means of locked filing cabinets and electronic storage be limited access centralised storage with full password controls. This data must not be left unattended.
Examples of Sensitive Data would include Customer Contracts, both electronic and physical, business sensitive data, accounts data, etc.
Physical Documentation Format: Blue Files
Electronic Documentation Format: Secure Access Controlled
Secure Data must not be left unattended or accessible to unauthorised people under any circumstances. This contains the highest level of sensitivity, usually with personal details. Access to this information is at the senior management level only and it is securely stored separate to all other information.
Examples of Secure Data would include Staff Contracts, DBS information, Staff Appraisals, etc.
Physical Documentation Format: Red Files
Electronic Documentation Format: Secure and Limited Access Controlled