What do companies usually start with in terms of a data classification schema?

That's a good question, and one we often see when talking to potential clients for janusNET's janusSEAL range of products. UK Government agencies use the new (from April 2014) schema:

OFFICIAL
OFFICIAL-SENSITIVE
SECRET
TOP SECRET

https://www.janusnet.com/solution/uk/hmgspf

The private sector is more likely to use something like:

UNCLASSIFIED
PUBLIC
(COMPANY) CONFIDENTIAL

Possibly adding:

SECRET or RESTRICTED

Sometimes there will also be secondary classifications, as with the OFFICIAL-SENSITIVE of the UK Gov schema. We would recommend keeping the number of classifications to three or four at most because, as you say, the schema won't get used correctly if it's difficult to choose.

Sometimes organisations use sub-classifications to help with routing data to an archive or encryption service, for example:
 
COMPANY CONFIDENTIAL - ARCHIVE
COMPANY CONFIDENTIAL - ENCRYPT

Your network IT systems and gateways can then route or process the data as needed, firewalls can block content that should not leave the organisation, and so on.
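As an added illustration (not janusNET code), the sketch below shows how a gateway might turn such a marking into routing actions and fail closed on missing or unknown labels. The action names, the `external` flag and the choice of which levels may leave the organisation are assumptions made for the example.

```python
import re

# Labels from the private-sector example above. Which levels may leave
# the organisation is an assumed policy for this sketch.
LEVELS = {"UNCLASSIFIED", "PUBLIC", "COMPANY CONFIDENTIAL", "SECRET", "RESTRICTED"}
RELEASABLE = {"UNCLASSIFIED", "PUBLIC"}
SUB_ACTIONS = {"ARCHIVE": "ARCHIVE", "ENCRYPT": "ENCRYPT"}


def parse_label(raw):
    """Return (level, sub) from a marking such as 'Company Confidential - Encrypt'.

    Returns None when the marking is missing or not part of the schema, so
    the caller can fail closed instead of guessing.
    """
    if not raw:
        return None
    # Collapse whitespace, upper-case, and accept en/em dashes as separators.
    text = re.sub(r"\s+", " ", raw.strip().upper())
    text = re.sub(r"\s[\u2013\u2014]\s", " - ", text)
    level, sep, sub = text.partition(" - ")
    if level not in LEVELS:
        return None
    if sep and sub not in SUB_ACTIONS:
        return None  # unknown sub-classification: do not silently ignore it
    return level, (sub or None)


def route(raw_label, external):
    """Decide the gateway actions for one item (hypothetical action names)."""
    parsed = parse_label(raw_label)
    if parsed is None:
        return ["QUARANTINE"]  # unlabelled or mislabelled: hold for review
    level, sub = parsed
    if external and level not in RELEASABLE:
        return ["BLOCK"]  # must not leave the organisation
    actions = [SUB_ACTIONS[sub]] if sub else []
    return actions + ["DELIVER"]
```

Keeping the schema small keeps this policy small too: every extra level or sub-classification adds a branch that staff must choose correctly and that the gateway must handle.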

As a first step, I would ask the business owners/directors how they view their data, suggesting something like the three levels above. Work from that, but remember to keep it simple; otherwise staff will ignore it if classification is optional, or classify incorrectly when it's mandatory.
