Data classification
- policy and method
Classify your data and implement the right data protection based on content
Data classification model
By classifying your company's data, you achieve a wide range of benefits. Advantages that can have a risk-reducing effect, a possible financial gain and, not least, the possibility to control a large number of safety parameters.
Unitas prepares, on the basis of a well-developed model, a data classification for your company. A simple model with, for example, 4 categories, which forms the starting point for which data is involved, data availability and security for internal processing, requirements for external processing, etc., then you are very far.
Data classification is reserved for all the company's data regardless of type or medium.
Support can take place immediately in Microsoft 365, and here we can help with the design of the technical setups and policies. In this way, you can have automatic encryption, limited access and automatic deletion set up fully automatically.
Below you will find an example of what part of a data classification policy might look like.
Data Classification Brief
Data classification offers many advantages, including
1
Securing data based on type and content, e.g. can, and can, data be shared externally?
2
Automatic deletion of data based on content and deletion policy as required by e.g. GDPR.
3
A strong overview of where which data is located and secure it against accidental access with, for example, encryption.
Implementing Data Classification - Microsoft 365
Once the data classification model is established, it must be implemented in the systems. Modern systems prepared with 'Privacy by Design' in mind often support e.g. deletion rules, encryption methods and options for managing e.g. external access.
With Microsoft 365 as a point of departure, it is advantageous to take a closer look at Microsoft Purview (formerly Azure Information Protection). By default, all data in your Microsoft 365 environment is already scanned and classified based on some parameters that Microsoft has determined.
It is therefore relatively simple to incorporate the data classification rules into the Microsoft 365 and Azure environment. In other words, all your e-mails, documents, databases and SharePoint Sites will be classified and technical rules imprinted at once. You can run the simulation for a period of time, where you can see how the result will be before choosing to go 'live' with the implementation.
For example, we ourselves use Purview i Unitas, where our data is auto-classified based on content. The technical conditions are automatically printed as e.g. limited external sharing, encryption of data and automatic deletion rules.
Contact us if you want help with the preparation of a data classification model and also with implementation in Microsoft 365