ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS), published in 2005 and revised in 2013.
Information classification is a key part of any ISO 27001 project.
Control objective A8.2 is titled ‘Information Classification’ and instructs that organisations “ensure that information receives an appropriate level of protection”.
A typical data classification scheme has four levels, for example:
- Confidential (only senior management have access)
- Restricted (most employees have access)
- Internal (all employees have access)
- Public information (everyone has access)
Who classifies and how is it enforced?
The content creator is the best person to determine the classification of documents and emails. Classification is best done at the time of creation, using a tool that guides the creator through the process and ensures that they don't forget to apply a classification.
Classify, label and add metadata at the point of creation
360 Protective Marking enables users to classify their documents and emails as they write them. When a user saves or prints a document or sends an email, they are prompted to select a classification, which applies metadata and visual labelling to the document or email.
The classification options can be tailored to your organisation's needs and can include retention periods alongside the standard classification, which can be used by a records and document management system.
360 Systems offer a free trial of this software. If you'd like to review its fit within your organisation then please get in contact.
- Positive selection of a marker
- Stores classification metadata with each document or email
- Office metadata available to SharePoint
- Mark Header, Footer or Subject with the visual description
- Custom markers and help descriptions
- Prevents email from when a classification is downgraded
- Enforce consistent labelling
- Enable mail gateways to enforce routing rules
- Development services available