It’s classified – How to handle information classification as part of an ISO 27001 project

As part of any ISO 27001 project, there is a need to classify information with an appropriate level of classification.

Control objective A7.2 in ISO 27001 is titled Information Classification. The objective of this control is ‘To ensure that information receives an appropriate level of protection.’ This control talks about having classification guidelines and then having a set of procedures or processes whereby the information is labelled, or marked, and handled in accordance with those guidelines.

Therefore organisations spend time developing information classification guidelines. They decide, maybe, to split their classifications into 3 or 4 levels such as Public, Private, Confidential and Restricted. They provide examples of the type of document or information against each of the types of classification and include rules such as what measures must be in place (such as encryption) before any information is allowed beyond the organisation’s physical or logical boundary.

But how can you go about applying classifications and labels to information? How can you ensure that your information classification guidelines are correctly applied and followed? The simple answer is through an information classification software solution such as the Boldon James Classifier.

If you want to ensure your information is classified in the right way and that your classification guidelines are enforced, Boldon James Classifier is the solution you need.

Get classified!

There is also a large range of books, toolkits and training available on ISO 27001 to help get your project up to scratch and securing your information. Find out more >>