Document and email classification ensures data handling is compliant with company, government and audit regulations and improve data security.
Richard outlines his approach to document and email classification projects based on implemetations into Police, Local Government and Businesses where data handling and auditing is key.
Richard Evans, Projects Director
I have helped organisations implement document and email classification for over a decade. Here are the 5 steps I use to implement document and email classification across an organisation.
1. Define project goal and objectives
Often projects are driven by the need to implement legislative compliance frameworks of classification.
However for the organisation to accept and embrace classification, it helps to have a clear understanding of how to benefit from the project.
- How wide should the scope be?
- Big Bang or department rollout?
- What is the impact on key processes?
Defining goal and objectives that are measurable and deliver results quickly help keep the project on track.
2. Create a classification policy and scheme
Document and email classification policies enable content creators and moderators to indicate the appropriate level of care that should be taken when handling the information. The act of considering how best to classify content helps raise awareness across the organisation which contributes to improved management of the overall risk.
A basic implementation may have categorisation such as Public, Official, Sensitive, Confidential or Personal. You may want to include additional descriptors such as Confidential-HR, Confidential-Finance for departments or to drive retention policies.
Your classification policy should also consider data classification levels or categories that have been developed by industry regulations or standards.
However, it is important to get the balance right, as having too many classifications could be confusing, while too few generalises the classification scheme and doesn't add value to your data. This is dependent on the content creators and consumers plus the experience of the wider organisation in working with a classification scheme.
“Who classifies and how is it enforced?”
The content creator is the best person to determine the classification of documents and emails. Doing the classification at the time of creation, using a tool that guides them through the process and ensures that they don't forget to apply a classification.
3. Software tools can assist
360 Protective Marking ensures the end-user makes a positive decision about the sensitivity of content classification at the point of send, save or print. Custom help information assists the user in identifying and selecting the most appropriate classification for the content.
It enables users to classify their documents and emails when they are writing them. When the user goes to save, print or send they are prompted to select a classification which applies metadata to the document or email. The classification options can be tailored to your organisation needs and can include retention periods alongside standard classification which can be used by a records and document management system.
360 Protective Marking is email and document classification tool for Microsoft Office applications.
4. Communication plan
Engage your users and keep them informed.
You may choose to start the implementation with a pilot within a key department to iron out any issues before starting the full roll-out. It is imperative to get users on board. Highlighting to them why data classification is important, making adjustments to the process where necessary and improving how the implementation is done.
Document the classification policy and scheme. Make it clear why and how it is to be used and provide users with an opportunity to review before and after it is their turn to get the software.
5. Review and evolve
Encourage user feedback and meet regularly to review it.
Acting early on user feedback can smooth the way for the remaining roll-out and increase the positive user buy-in for the overall project. For instance, if there were confusion around the differences between classification in specific scenarios, there could be an issue with definitions in other software already in a department. These things can be easily overcome with updated guidance and software configuration. If you get those early adopters onside, then they will become your champions for the wider roll-out.
Keep in touch with the software vendor to ensure you have the latest version of the software and that you are making use of all the latest features.
For more information, assistance or a free trial of 360 Protective Marking then please use the contact us form above.
Richard Evans
Projects Director
See our new website dedicated to email and document protective marking.