Kick start your Sensitivity labels

I regularly get the question if I have a baseline for Sensitivity labels. Although this is very much depending on your needs and requirements, I’m using a set for demo purpose which can help you kick start your content classification.

Important to keep in mind with Sensitivity labels is, it is key to have proper naming and descriptions for the labels. The label and description is used by the end users to determine which classification they need to choose. So, choose wisely when implementing this!

A couple of recommendations on naming the labels and description, ensure the label reflects a clear naming which is part of the organizational terminology. The description can be separated into an explanation and examples of content which reflect the classification.

The following list highlights examples of a Sensitivity classification:

  • Public
  • Internal, General, Business Use Only
  • Confidential
  • Secret, Highly Confidential
Sensitivity labels in Outlook Web Access (Office 365)
Sensitivity labels in Outlook Web Access (Office 365)

Adding some more context to the classification explains what a classification means and where to apply this.

Public classification

The public classification label applies to information that is available to the general public and intended for distribution outside an organization. This information may be freely distributed without risk of harm. Any information that is produced for public consumption — such as news releases, job announcements, and sales brochures — are good examples.

Internal classification

The “business use only” classification label applies to information that is used in business processes, and the unauthorized disclosure, modification or destruction of which is not expected to seriously affect the organization, customers, employees or business partners. Any information that is used in routine business matters — such as internal policy manuals and company phone lists — are good examples.

Confidential classification

The confidential classification label applies to information that is used in sensitive business processes, the unauthorized disclosure, modification or destruction of which will adversely affect an organization, its customers, employees or business partners. Examples of sensitive information include intellectual property, contract negotiations, most personnel matters, personally identifiable information, protected health data, bank account numbers and payment card information of customers and employees.

Leadership Team

The “Leadership Team” can be used as a subset of “Confidential” , see image above.

The leadership team classification labels applies to information that is used for the leadership team only.  Examples of sensitive information include management reports, strategic plans, litigation and more.

Secret classification

The confidential classification label applies to information that is used in extremely sensitive information business processes, which the unauthorized disclosure, modification or destruction of would seriously harm the organization, its customers, employees or business partners. Examples for health organizations include medical records relating to mental health, sexually transmitted diseases, HIV testing and substance abuse. Examples for other organizations include documents used in mergers, strategic plans and litigation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: