Sample Data Classification Policy

Sample Request for Proposal (RFP) for Managed Security Services

The foundation for protecting sensitive corporate information is a well thought out classification system based on sensitivity level, and appropriate labeling and handling instructions for each level. Developing an effective classification policy that also balances ease of use for end users can be challenging, but not impossible, if you keep it simple.

This sample data classification policy was originally shared by a CISO to help his peers on Wisegate, and can help you get a head start on creating your own policy, or updating what you already have.

Important sections in this document include:

  • Definition of classification levels, with example documents for each.
  • Security controls for each classification level, such as encryption, records retention, and training.
  • Handling instructions for each classification level, such as storing, labeling, emailing, printing.
  • Information owner roles and responsibilities, such as assigning classification and monitoring usage.
Who is Wisegate? Wisegate is a peer-based research community for senior IT professionals, with first- hand insights and actionable knowledge from the best source available—the collective wisdom of IT leaders from across the industry.

Through live discussions, online Q&A and polls, and shared tools and templates, Wisegate offers a practical and unbiased information source built on the real-world experience of veteran IT professionals. See if you qualify for membership today.