Level of information classification
Hello all, I wanted to know what would be the most appropriate level of information classification to give to sensitive and non-sensitive PII.
Are they considered confidential or less? Or just restricted?
Considering ISO 27001 requirements and controls, to define the proper classification level for your information, you have to consider:
- the results of risk assessment
- legal requirements (e.g., laws, regulations, and contracts) applicable to your organization
For example, Article 9 of EU GDPR defines special categories of personal data (https://advisera.com/eugdpracademy/gdpr/processing-of-special-categories-of-personal-data/), which you should classify with a higher confidentiality level, while the rest of the personal data you can classify with a lower confidentiality level.
This article will provide you with further explanation about information classification:
- Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
Feb 20, 2020