€24.99 – €27.98
Data Classification Levels:
- Public
- Definition: Data intended for unrestricted public access. Disclosure poses no risk to the organization.
- Examples:
- Marketing materials (e.g., brochures, press releases).
- Published financial reports.
- Job postings.
- Access Controls: Available to anyone, internal or external to the organization.
- Handling Requirements:
- No encryption required.
- May be stored on public-facing systems.
- Internal
- Definition: Data intended for internal use within the organization. Unauthorized disclosure may have minor risks.
- Examples:
- Internal policies and procedures.
- Employee directories.
- Non-sensitive project documentation.
- Access Controls: Restricted to employees and authorized contractors.
- Handling Requirements:
- Store on secure internal systems.
- Encrypted for external transmission (e.g., via email).
- Confidential
- Definition: Data that is sensitive and intended only for specific employees, teams, or departments. Unauthorized access could harm the organization.
- Examples:
- Customer data (e.g., contact information).
- Non-public financial information.
- Vendor contracts and agreements.
- Access Controls: Limited to designated individuals based on roles.
- Handling Requirements:
- Must be stored in encrypted systems.
- Access must be logged and monitored.
- Restricted
- Definition: Highly sensitive data that, if disclosed, could result in severe financial, legal, or reputational damage.
- Examples:
- Personally Identifiable Information (PII).
- Intellectual property (e.g., patents, trade secrets).
- Regulatory compliance data (e.g., HIPAA, GDPR-protected data).
- Access Controls: Strictly controlled and limited to a “need-to-know” basis.
- Handling Requirements:
- Data must always be encrypted (at rest and in transit).
- Multi-factor authentication required for access.
- Regular audits to ensure compliance.
