Information classification
Alternative names | Classification |
---|---|
Status | planned |
Since | 4.9 |
Description
Applications and other objects that represent can be classified to categories and levels, describing sensitivity of the assets. Classification labels are reflected to the roles, and can be used to construct policies. Classifications are defined in a form of policy objects, using appropriate archetype.
Documentation
Version | Introduction | Guides | Configuration | Examples | Plans |
---|---|---|---|---|---|
All versions | Classification Improvements |
||||
Development | Information Classification and Clearances |
||||
4.8 | Information Classification and Clearances |
Related Features
-
Policy (concept) (planned)
-
Risk management (planned)
Compliance
This feature is related to the following compliance frameworks:
-
ISO/IEC 27001 5.2: Information security roles and responsibilities
-
ISO/IEC 27001 5.8: Information security in project management
-
ISO/IEC 27001 5.9: Inventory of information and other associated assets
-
ISO/IEC 27001 5.10: Acceptable use of information and other associated assets
-
ISO/IEC 27001 5.19: Information security in supplier relationships
-
ISO/IEC 27001 5.20: Addressing information security within supplier agreements
-
ISO/IEC 27001 5.21: Managing information security in the ICT supply chain
-
ISO/IEC 27001 5.22: Monitoring, review and change management of supplier services
-
ISO/IEC 27001 5.23: Information security for use of cloud services
-
ISO/IEC 27001 5.25: Assessment and decision on information security events
-
ISO/IEC 27001 5.31: Legal, statutory, regulatory and contractual requirements
-
ISO/IEC 27001 6.3: Information security awareness, education and training
-
ISO/IEC 27001 6.5: Responsibilities after termination or change of employment
-
ISO/IEC 27001 6.6: Confidentiality or non-disclosure agreements
-
ISO/IEC 27001 8.19: Installation of software on operational systems
-
ISO/IEC 27001 8.27: Secure system architecture and engineering principles