In the Information Classification Policy under the Information Labeling section there is a statement that one should display the confidentiality level in applications and databases on the system access screen. We are having a hard time putting this into practice for let's say a database being accessed through a 3rd party tool like pgadmin or other 3rd party software where we do not control the appearance.
Answer: This statement is only a recommendation. ISO 27001 control A.8.2.2 (Labeling of information) does not define any form of labeling, only that a labeling procedure must be defined and implemented (if the control is considered applicable). How to label information is an organization's decision. In cases where the implementation of labeling is not feasible, or it will require much effort or resources, an organization can define that labeling will not be applicable.