Data Classification Schemes

Different firms have different levels of confidentiality, but it is certainly worth assigning a security level to every document in your organization so that workers know how to handle the data. As the document is developed in SharePoint Server 2007, the security level of the document can become a defining (and indexable) piece of metadata. Most classification schemes use one or more of the following document categories: public, confidential, secret, and private. Each organization will have its own scheme, and our point is not that you should copy what is written here, but instead that you implement a classification scheme and then use that scheme as new information is developed. Because most content that is developed is automatically considered confidential, it might be important in your organization to spell that out to content developers. Doing so will ensure that they do not disseminate confidential information.

Items to consider when developing this policy include the following:

• Data classification scheme is required for all company data.

• Labeling is required for all company data.

• Information is treated as confidential whenever the classification is unknown.

• Departments can create additional classifications if authorized.

• Content developers are responsible to assign data classification to all documents during development.

• Owner of content must meet classification requirements.

• Declassification of content must follow prescribed procedures.

• Co-presenting of different classified content is prohibited.

• Classified content must be hosted in SharePoint Server 2007 sites with required permissions.