**Definition:**
"A *data classification* identifies the value of the data to the organization. Classification labels, the method by which they are assigned, and the required protection associated with the different labels, are identified in a policy." 
Source: [CISSP_OSG_Chapter_5](../Standards/CISSP/CISSP_OSG_Chapter_5.md#Defining%20data%20Classifications)

Classification criteria should be risk based, for instance on potential damage to the organization, the privacy of individuals, national security, economic interests, or other critical concerns.

See also:
[Datatags System](../Literature%20notes/Datatags%20System.md)
[Def_Sec_Handbook_Chapter_2](../Literature%20notes/Def_Sec_Handbook_Chapter_2.md#Information%20classification)
[ISO 27002:2022 NL A5.12](../Standards/ISO27x/OST/27002/NL/a-5.12-Classificeren-van-informatie.md)
[Designing an information management scheme](../Literature%20notes/Designing%20an%20information%20management%20scheme.md)
[Data classification examples from SANS forum](Data%20classification%20examples%20from%20SANS%20forum.md)
[Key Topics for a Classified Information Security Policy](Key%20Topics%20for%20a%20Classified%20Information%20Security%20Policy.md)
[Traffic Light Protocol (TLP)](../Literature%20notes/Traffic%20Light%20Protocol%20TLP.md)

![](Informatie_classificatie_matrix.xlsx)