Data Classification Policy - Build Trust Center

← Back to Trust Center

Data Classification Policy

Framework for classifying and handling different types of data

Other Policies: Encryption Policy Risk Assessment Policy Incident Response Plan Data Retention Policy Data Protection Policy Vendor Management Policy Information Security Policy Acceptable Use Policy

Data Classification Policy

Purpose

To establish a framework for classifying data based on sensitivity and criticality.

Classification Levels

Confidential

Customer personal data
Financial information
Authentication credentials
Handling: Encrypted at rest and in transit, access restricted

Internal

Business plans and strategies
Employee information
Internal communications
Handling: Protected from external access, standard security controls

Public

Marketing materials
Public documentation
Published content
Handling: No special restrictions

Classification Requirements

Data owners responsible for classification
Classification reviewed annually
Metadata tags applied to classified data

Handling Requirements

Access controls based on classification
Encryption requirements by classification level
Disposal methods appropriate to sensitivity