Many organizations are thinking about document security and how to classify their documents. If you work in a government office, you might have categories like Classified and Top Secret for both paper and electronic documents. If you provide products and services to government or military customers, you may categorize your internal documents with similar designations.
Some organizations think about document classification the way they think about access control to computer systems and files. If you have a document or content management system, you may have granular control of your documents. HR has access to some, Finance others, Engineering another set and so on. You could also go even further by subdividing those designations into Accounts Receivable and Accounts Payable in the case of Finance. Some organizations feel the need for many designations to match every specific situation they may encounter. Others think about internal and external documents.
The classification of a document is usually determined by the level of sensitivity of its contents. Simplifying document classification into three categories is a great way to start. Documents can be Public, Restricted and Confidential. Remember that a document is any content related to the activities of your organization and includes email, audio, video and office type of documents.
A Public document is any content that does not cause harm to any person or the organization if disclosed outside the organization. Sales and marketing literature, public finance information, press releases and anything that you typically share with a wide range of people outside your organization are examples of public documents.
Restricted is typically what you think of as internal only documents. These may be documents you are developing before they become public, such as a press release, or documents that are for the general consumption of people inside the organization.
Confidential documents are those that would cause harm to customers, employees, business partners and your organization if they were disclosed to unauthorized people. Any document with personally identifiable information (PII), salaries, trade secrets, software source code and product drawings are examples of Confidential.
Some organizations may need a fourth categorization, such as Top Secret. These may be restricted to executives or certain individuals within the organization. Acquisition targets, strategic plans, detailed financial projections and health information are examples of these documents.
You can assign these categories to most of the documents inside your organization. Of course you could go crazy and assign Secret, Top Secret, Super Top Secret and so on, but that could become a bit ridiculous to manage. It’s better to think about how you use your documents and develop a few categories to govern them. Once you define these document classes, you can manually assign them to your documents or automate the process.
Start simple as you define your document classification and you will see that most content falls into a few categories. Save the Super Duper Top Secret stuff for the spy novels.
Photo credit RestrictedData