Having a clear understanding of the information the organization handles and identifying which compliance standards are applicable, we will provide a methodology for categorizing the different types of data that the organization creates and recommending different levels of classification (confidential, reserved, public, etc.).
Why is it important
Since not all data can be treated equally because the information has different levels of sensitivity, certain information can be confidential; others may be classified as public, or reserved only for certain departments. However, replicating the correct criteria to make this classification not only with the existing information but with the new data that is generated day by day by each user, can be an overwhelming task, but necessary if we want to apply access controls, implement data loss prevention technologies, or even decide the level of protection and treatment that certain information will have.