An information classification policy outlines the way a company organises access to the data they hold and the level of protection it should be given. By classifying information, the company can ensure that the information receives the appropriate level of protection.
The starting point for information classification is creating your asset register. Once the company’s information is detailed in the register you can then classify that information typically in terms of confidentiality, with greater restriction applied to accessing more sensitive information.
If you have grown to a point that you are considering data protection certifications such as ISO 27001, you will need to ensure that information receives an appropriate level of protection. Our policies and guidelines are designed to support those companies seeking certification.
This Information Classification Policy includes sections on:
- Data ownership
- Data custodians
- The information classification process
- Pre-classified information assets