Add data classification standard
This commit is contained in:
parent
a9f8e7a1bd
commit
1ed53abe8c
1 changed files with 18 additions and 0 deletions
18
standards/data-classification.md
Normal file
18
standards/data-classification.md
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Data Classification Standard
|
||||||
|
|
||||||
|
**Version:** 1.0 | **Owner:** Compliance | **Classification:** Internal
|
||||||
|
|
||||||
|
## Classification levels
|
||||||
|
|
||||||
|
| Level | Examples | Handling |
|
||||||
|
|-------|---------|---------|
|
||||||
|
| Public | Marketing materials, press releases | No restrictions |
|
||||||
|
| Internal | This document, org charts | Nexus staff only |
|
||||||
|
| Confidential | Customer data, financial reports | Need-to-know, encrypt at rest |
|
||||||
|
| Restricted | Credentials, encryption keys, PII | Vault only, no email, audit logged |
|
||||||
|
|
||||||
|
## PII handling
|
||||||
|
|
||||||
|
All personally identifiable information is classified as **Confidential** minimum.
|
||||||
|
Processing of PII requires GDPR lawful basis and must be documented in the data register.
|
||||||
|
Contact dpo@nexus.local with questions.
|
||||||
Loading…
Reference in a new issue