Whether informal, formal, or best practice, all companies have budgeting processes for controls. But organizations must ask themselves these questions:
- How is that control investment applied?
- What data are available to determine whether the thousands of touch points that you need to control are, in fact, being adequately controlled but not over-controlled?
- Is the control investment designed and applied to achieve this balance?
A well-designed information classification framework identifies risk and defines how and where to apply control investment. An effective information classification program facilitates a change in process and a top-down commitment that change is required, results that are rarely accomplished through technology implementation alone. An information classification project presents an organization with a methodology for creating a policy, an assessment and inventory of information asset types, and definitions for classification types. Further, it defines information classification roles and responsibilities and classifies information assets to develop an effective information classification program. The goal is to ensure that information assets receive a cost-effective level of protection according to their value to the organization and the risk of their disclosure or loss.
AMERICAN SYSTEMS uses a risk management approach. We have found that strong governance and appropriate awareness create the best environment for integrating new business processes successfully.
The following are benefits of an enterprise-wide information classification program:
- Information Confidentiality, Integrity, and Availability—The program improves information confidentiality, integrity, and availability because the organization uses appropriate controls for all information resources across the enterprise.
- Industry and Government Regulatory Compliance—An information classification program identifies and classifies information resources and implements controls to meet information protection requirements established by such regulations as Sarbanes-Oxley, HIPAA, and Gramm-Leach-Bliley.
- Return on Investment for Controls Implementation—The organization gets the best ROI for its information protection budget because we design and implement protection mechanisms where they are needed most. We can, therefore, implement less costly controls for less sensitive information assets.
- High Confidence Level in Decision Support Information—The quality of decisions is improved because the organization can trust the data on which it bases those decisions.
- Information Asset Protection Life Cycle—The organization has a process for reviewing all information asset requirements on a periodic basis and determining appropriate information classification.