Policy Manager helps keep your data safe by:
- Classifying data based on sensitivity
- Connecting these classifications to specific data
Personal information
In any organization, personal information needs to be adequately protected. Typically, your Privacy team sets up the Data Classification Policy, where they classify the data based on how sensitive or critical it is.
Consider the following three classifications for sensitivity:
- Public data: Least sensitive data.
- Private data: Slightly more sensitive than public data.
- Restricted data: Most sensitive data and therefore needs the highest level of protection.
These classifications help determine what level of security is needed for the applications that store or move the data.
A Policy asset and its standards can be linked to the relevant assets, such as Data assets or Technology assets, via the “complies with” relation.
The following image shows the standard subassets of the Data Classification Policy asset.
The following image shows a diagram depicting how the Data Classification Policy asset is cascaded down into logical and physical data layers.
Retention policy
Retention policy defines how long data should be retained. For example, some personal data might need to be stored only for one year. Policy Manager helps enforce these retention policies, ensuring that information is removed when it's no longer needed.
