Data Classification & Criticality
Classify data and services by sensitivity and criticality so security controls, monitoring, and response priorities align with business impact and obligations.
Not all data and services are equal. This use case helps the business agree what is most sensitive and what is most critical, so protection and response plans focus where it matters.
Outcomes¶
- Clear handling requirements for sensitive data
- Better prioritization of controls and monitoring based on criticality
- Faster, more consistent incident classification and escalation
- Improved compliance with privacy and sector regulations
Typical scope¶
- Classification schemes (sensitivity, confidentiality, retention)
- Critical service tiers (availability and recovery expectations)
- Mapping to required controls (access, encryption, monitoring, backups)
- Review and governance (who can change classifications)