Our systems detected an issue with your IP. If you think this is an error please submit your concerns via our contact form.

Security icon

Discover and Classify Your Data

Provide your data with the protection it deserves.

Many organizations struggle to keep ahead of today’s overwhelming flood of data, resulting in limited value at best, and unmitigated risks at worst. Our research offers strategic and structured guidance on discovering your data and building a classification system that unlocks its value as a powerful decision-making tool while protecting sensitive information and meeting regulatory requirements.

Data backlogs, inadequate data handling procedures, ad hoc classification programs, end-user issues and other technical challenges stand in the way of organizations understanding what data they have. By starting with small, incremental steps and prioritizing the most critical data in collaboration with data owners, data leaders can get a handle on their data inventory, improve accessibility and storage, and maximize data’s value to the organization.

1. You don’t have to do it all at once.

Depending on the size of your data backlog, classifying all your data may not be feasible at the outset. Don’t be afraid to start small, prioritizing and classifying a manageable portion of data, quantifying the results, and reporting them back to management. Then, take the next step of tackling a bigger portion.

2. Keep it simple.

For a data classification system to be robust and useful, it must be as simple as possible, allowing for very little ambiguity. That simplicity must extend to everyone who handles the data, from custodians to end users, all of whose roles and responsibilities must be clearly defined.

3. Classification is an ongoing process.

Data does not stay staticeffective classification must be seen as a process, not a one-time project. This will be especially useful in the realm of risk mitigation, as knowing what data you have and where it lives will help assess its criticality, leading to more accurate threat modelling and security controls investments.

Use this blueprint to start discovering and classifying your data

Our research offers multiphase guidance and a comprehensive array of templates, workbooks, and other tools to formalize and structure your data classification efforts. Use this step-by-step approach to discover the data that matters and build a measurable, auditable, and manageable classification program that protects what you have and allows you to leverage it for maximum organizational benefit.

  • Formalize your classification program by developing classification and policies and standards, establishing a steering committee charter, and assigning roles and responsibilities.
  • Implement your data discovery plan to understand what you have, including interviewing data owners and assessing vendor solutions for technology-assisted discovery.

  • Classify your data by analyzing what you’ve found, identifying technical solutions to classification, and laying the groundwork for maintaining and optimizing your classification program going forward, including establishing key metrics and improving end-user awareness and training.

Discover and Classify Your Data Research & Tools

1. Start with our Discover and Classify Your Data deck.

Use this deck to understand the benefits and opportunities of data classification, anticipate the challenges and obstacles most organizations face, and leverage Info-Tech’s step-by-step methodology to begin your data classification journey.

2. Develop a classification program.

Use these tools and templates to understand the value of data classification and build the outline of your classification program.

3. Discover the data.

Use these detailed tracking and verification tools to comprehensively discover the data you have and consider how to incorporate human- and technology-based tools to simplify the discovery process.

4. Classify the data.

Use these tools to implement the classification program in a way that ensures an appropriate level of protection.

5. Communicate your data classification plan.

Use these customizable awareness materials and comprehensive communication deck to set out and clearly communicate your data classification plan to stakeholders and decision-makers to build support.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.4/10


Overall Impact

$145,200


Average $ Saved

50


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Platinum Equity Advisors LLC

Guided Implementation

10/10

N/A

N/A

Best part was I was able to focus on the documentation I created and receive feedback and advise.

Plastipak Holdings

Guided Implementation

9/10

$68,500

90

worst: had formula issues with one of the tools best: our analyst, Petar - he was responsive, active in finding resolutions, and all-around very ... Read More

Ministry of Industry, Innovation, Science and Technology

Guided Implementation

9/10

$13,700

32

Louisville Water Company

Workshop

9/10

N/A

120

The highlight of the experience was the extensive amount of data collected, along with Safayat's valuable context explaining the purpose of the wor... Read More

Black & McDonald Limited

Guided Implementation

8/10

$10,000

6

Good high level overview of approach/offering. Difficult to estimate any savings at this point.

County of Stafford

Workshop

9/10

$100K

110

The RACI tool efforts were very time-consuming but necessary. Otherwise, it was a great experience.

City of Winter Park

Guided Implementation

9/10

N/A

5

Safayat is very knowledgeable. He seems to have a complete grasp of the subject matter. It was very easy to interact with him.

Flight Centre Australia

Guided Implementation

9/10

$13,700

10

Excellent engagement, validation our approach and gave us strong steer with regard to next steps, no bad aspects of the engagement

Goodwill Industries of Middle Tennessee, Inc.

Guided Implementation

10/10

$13,700

10

Mainstreet

Guided Implementation

10/10

$10,000

50

Safayat and Greg are patient and take the time to understand our requirements.

Kentucky Cabinet for Health and Family Services

Workshop

10/10

N/A

50

The ITRG team worked diligently with us before the workshop to better understand our priorities, and Erik did a great job tailoring the workshop co... Read More

PA Public Utility Commission

Workshop

10/10

$1.37M

120

As a regulatory agency, there are significant fines and consequences such as prison that result from improperly dealing with CSI (Confidential Secu... Read More

Community Living Toronto

Guided Implementation

10/10

$10,000

32

safayet was amazing and very thorough. please keep up the great work.

City of Santa Fe

Workshop

10/10

$68,500

50

The facilitation was great, and the material aligned to what we needed to meet the City's objectives.

United Nations International Computing Centre

Guided Implementation

10/10

N/A

N/A

Professionalism, flexibility and availability of the expert.

Commonwealth of Virginia - Office of the Attorney General

Guided Implementation

10/10

$2,603

20

Alan was very helpful and accommodating to our needs.

Ministry of Industry, Innovation, Science and Technology

Guided Implementation

8/10

$61,706

50

Central Bank of Barbados

Guided Implementation

10/10

N/A

N/A

Anu has a cheerful disposition paired with knowledge and experience. Thanks to her, we were able to advance our data discovery efforts for nine (9... Read More

Noble Research Institute, LLC

Guided Implementation

8/10

$2,519

5

Goodwill Industries of South Florida

Guided Implementation

10/10

N/A

10

Central Bank of Barbados

Workshop

9/10

$47,500

50

The best part was that Reddy’s expertise in this area was excellence guidance for us. He was able to not only describe the best practice approach t... Read More

Lawyers’ Professional Indemnity Company

Workshop

9/10

$16,000

90

Best part is in just 4 days we were able to achieve months worth of work.

Sterilite Corporation

Workshop

9/10

$31,499

50

Interdigital Communications

Guided Implementation

9/10

$27,719

10

City Of Issaquah

Guided Implementation

10/10

$29,609

120

Logan has been a great mentor! always on time and ready to help!

Forrester Construction

Guided Implementation

10/10

$5,039

3

Best part was that Alan was very knowledgeable and accommodating throughout the experience. He provided additional internal and external resources... Read More

American Transmission Company

Guided Implementation

10/10

N/A

N/A

This project wasn't about saving time or money, but was about defining a framework to consistently assess cyber threats and appropriate system secu... Read More

Deltec Bank & Trust Limited

Workshop

9/10

$69,299

120

The entire workshop experience was awesome. Reddy, years of experience were needed and appreciated to get through this workshop.

Kleinfelder Group

Workshop

10/10

$30,999

10

I don't have any negative feedback to provide. Cassandra was very supportive and accommodating in helping us move our data security program forwar... Read More

American National Insurance Company Inc

Guided Implementation

9/10

N/A

N/A

The advice given confirms the approach we are taking and is valuable in that respect.


Workshop: Discover and Classify Your Data

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Formalize the classification program

The Purpose

  • Establish a structured and governance-driven approach to data classification by defining policies, standards, and responsibilities.

Key Benefits Achieved

  • Gain a formalized data classification program with clear policies, governance, and compliance alignment. Laying the foundation for scalable and effective data classification, to ensure information is properly managed and secured.

Activities

Outputs

1.1

Develop a steering committee charter to provide oversight and leadership.

  • A structured governance body to guide decision-making and ensure accountability.
1.2

Identify relevant regulations to align classification policies with legal and industry standards.

  • A compliance-driven classification framework that reduces regulatory risks and enhances audit readiness.
1.3

Create a data classification policy to define how data is categorized and managed.

  • Formalized definitions and requirements for operationalizing a data classification program.
1.4

Assign roles and responsibilities to stakeholders involved in classification efforts.

  • Clearly defined RACI chart, ensuring effective enforcement and ongoing management of classification initiatives.
1.5

Develop a classification standard with handling requirements across classification levels.

  • Consistent guidelines for data access, storage, retention, and protection, minimizing risks of misclassification or unauthorized access.

Module 2: Discover the data

The Purpose

  • Develop a structured approach to data discovery by leveraging both technology and stakeholder insights.

Key Benefits Achieved

  • Create a clear methodology for discovering and understanding the organization's data assets. This ensures that future classification efforts are accurate, efficient, and aligned with business needs.

Activities

Outputs

2.1

Consider data governance and DLP solutions for automated and technology-assisted data discovery.

  • Clear understanding of key attributes to evaluate when selecting a tool, ensuring the right fit for the organization’s needs.
2.2

Conduct interviews with data owners to gather business context and validate technical findings.

  • A systematic approach for conducting data discovery interviews, ensuring alignment between business and IT perspectives.

Module 3: Classify the data

The Purpose

  • Classify data based on sensitivity, regulatory requirements, and business value while ensuring accuracy and consistency in classification levels.

Key Benefits Achieved

  • Obtain insights from classified data to enable better risk mitigation, data management, and policy enforcement across the enterprise.

Activities

Outputs

3.1

Assign classification labels according to predefined policies and sensitivity levels.

  • A centralized and organized data inventory, ensuring that data is categorized consistently across the organization.
3.2

Use classification insights to streamline storage, retention, and archiving strategies.

  • Improve efficiency by potentially eliminating redundant or obsolete data, while prioritizing protection for high-value assets.

Module 4: Plan to implement the program

The Purpose

  • Operationalize and sustain the data classification program through ongoing measurement, user adoption, and continuous improvement.

Key Benefits Achieved

  • Proactively ensure long-term sustainability, compliance, and effectiveness of the data classification program.

Activities

Outputs

4.1

Prioritize and track meaningful metrics using the Data Classification Metrics Tracking Tool.

  • A list of key performance indicators (KPIs) to measure classification success, compliance adherence, and security improvements
4.2

Develop a plan for end-user awareness and training to ensure employees understand classification policies and responsibilities

  • Improved user engagement and accountability, reducing misclassification risks and strengthening compliance.
4.3

Communicate program status and updates to leadership and key stakeholders through structured reporting.

  • A customized program communication deck, fostering executive buy-in, cross-functional collaboration, and accountability.

Provide your data with the protection it deserves.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

9.4/10
Overall Impact

$145,200
Average $ Saved

50
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

You get:

  • Discover and Classify Your Data – Phases 1-3
  • Data Classification Steering Committee Charter
  • Data Classification Policy
  • Data Classification Standard
  • Data Classification RACI Tool
  • User Data Handling Requirements Tool
  • Data Discovery Interview Tracking Tool
  • Data Classification Verification Tool
  • Data Classification Inventory Tool
  • Data Classification Metrics Tracking Tool
  • Data Classification Program Communication Deck
  • Data Classification Awareness Pamphlet
  • Data Classification Awareness Poster

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Formalize the Classification Program
  • Call 1: Establish a data classification steering committee.
  • Call 2: Formalize data classification documentation.

Guided Implementation 2: Discover the Data
  • Call 1: Plan data discovery.
  • Call 2: Implement data discovery.

Guided Implementation 3: Classify the Data
  • Call 1: Classify the data.
  • Call 2: Maintain and optimize the program.

Authors

Safayat Moahamad

Logan Rohde

Contributors

  • Charles Tatosi Chavapi, Information Security Manager, Tadebswana Mining Industry
  • Jim Finlayson, IT Director, City of Grand Junction
  • Diane Kelly, Information Security Manager, Colorado Judicial ITS
  • Ken Dewitt, IT Director, Navajo County
  • Liam Guan, Enterprise Information Management Advisor, Ontario Lottery and Gaming Corporation
  • Leon Letto, Senior Technical Sales Engineer, AirWatch
  • Jim McGann, Vice-President, Marketing and Business Development, Index Engines, Inc.
  • Ian Parker, Head of Information Security, Risk and Compliance, Fujitsu
  • Doug Waram, Director of IT, County of Wellington
  • William Mendez, Information System Security Officer, City of Miami
  • Claudiu Popa, President & CEO, Informatica Corporation
  • Chris Whiting, Solutions Architect, APA Group
Visit our IT’s Moment: A Technology-First Solution for Uncertain Times Resource Center
Over 100 analysts waiting to take your call right now: +1 (703) 340 1171