8 Tips for Content Classification
Creating far more manageable information repositories doesn’t need to be hard.
With focused content classifications, not only will your organization’s information be more secure, but your end users will also be able to more easily access required information. You can start with a simple content classification hierarchy as follows:
- Public – this category includes anything with zero intellectual property value. This includes documents already in the public domain as well as general internal content.
- Commercial in confidence – this designation includes contract documents and other content that your organization may need to distribute to suppliers, customers, or other stakeholders.
- Secret – this classification includes controlled information such as new products or services. Anyone outside of a designated group cannot access it.
- Your eyes only – this specification restricts access to just a few people. Merger and acquisition documents are an example.
For many organizations, a content classification plan with broad definitions or groups like these categories is sufficient. If you want to add further granularity, however, more specific classification will make things easier.
Automated Classification Using Templates
The best time to apply classification metadata is during the content creation process, something that can be easily done using template. The information creator can choose a template that automatically applies the correct classification to the document. This classification data will remain with the document through suitable information stores. Even with information pulled from other areas, such as web searches and social network streams, there are tools that can update classification in a contextually-aware manner. An automated process like this removes the burden of classification from the end user, and can improve classification accuracy and consistency. These classifications can provide extra metadata that can be used when controlling, routing and searching for information.
Controlling Access to Content
As long as the classification remains integral to the document, it can be used by collaboration and sharing tools to add value for anyone requiring access to the information. For example, an information asset marked “Secret” can be prevented from leaving the corporate perimeter. One marked “Your eyes only” can be prevented from appearing in searches by those without the rights to see it. Simple classification increases the value of tools such as data leak prevention (DLP) and business process management (BPM) when applied. Governance, risk management and compliance (GRC) is also improved when classification codes exist.
Content Classification Tips
As a quick guide, here are some recommendations for using a content classification methodology:
- Apply content classification while creating assets (or shortly afterwards).
- Use templates as frequently as possible.
- Extract maximum value by using secure and functional sharing and collaboration tools with intelligent search.
- Ensure that the codes remain associated with the information asset.
- Apply security via the classification code as well as the document content.
- Ensure that internal and external individual roles and responsibilities are included in classification codes.
- Associated other tools, such as DLP and BPM, with the classification codes to help prevent accidental spread and leakage of information.
- Use monitoring and reporting to support GRC.
Content Classification Doesn’t Have to Be Scary
Content classification doesn’t have to be as complex as element classification
Content classification often scares organizations that mistakenly believe it too complicated to implement and run. However, simplicity is often the key; classification does not necessarily require massive numbers of different codes. It does, however, offer a rapid means of extracting extra value from information assets, while minimising risk through accidental and malicious information leakage.
-Clive Longbottom, Founder — QuoCirca