Discover and Classify Your Data
Provide your data with the protection it deserves.
Many organizations struggle to keep ahead of today’s overwhelming flood of data, resulting in limited value at best, and unmitigated risks at worst. Our research offers strategic and structured guidance on discovering your data and building a classification system that unlocks its value as a powerful decision-making tool while protecting sensitive information and meeting regulatory requirements.
Data backlogs, inadequate data handling procedures, ad hoc classification programs, end-user issues and other technical challenges stand in the way of organizations understanding what data they have. By starting with small, incremental steps and prioritizing the most critical data in collaboration with data owners, data leaders can get a handle on their data inventory, improve accessibility and storage, and maximize data’s value to the organization.
1. You don’t have to do it all at once.
Depending on the size of your data backlog, classifying all your data may not be feasible at the outset. Don’t be afraid to start small, prioritizing and classifying a manageable portion of data, quantifying the results, and reporting them back to management. Then, take the next step of tackling a bigger portion.
2. Keep it simple.
For a data classification system to be robust and useful, it must be as simple as possible, allowing for very little ambiguity. That simplicity must extend to everyone who handles the data, from custodians to end users, all of whose roles and responsibilities must be clearly defined.
3. Classification is an ongoing process.
Data does not stay static – effective classification must be seen as a process, not a one-time project. This will be especially useful in the realm of risk mitigation, as knowing what data you have and where it lives will help assess its criticality, leading to more accurate threat modelling and security controls investments.
Use this blueprint to start discovering and classifying your data
Our research offers multiphase guidance and a comprehensive array of templates, workbooks, and other tools to formalize and structure your data classification efforts. Use this step-by-step approach to discover the data that matters and build a measurable, auditable, and manageable classification program that protects what you have and allows you to leverage it for maximum organizational benefit.
- Formalize your classification program by developing classification and policies and standards, establishing a steering committee charter, and assigning roles and responsibilities.
- Implement your data discovery plan to understand what you have, including interviewing data owners and assessing vendor solutions for technology-assisted discovery.
- Classify your data by analyzing what you’ve found, identifying technical solutions to classification, and laying the groundwork for maintaining and optimizing your classification program going forward, including establishing key metrics and improving end-user awareness and training.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.4/10
Overall Impact
$145,200
Average $ Saved
50
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Platinum Equity Advisors LLC
Guided Implementation
10/10
N/A
N/A
Best part was I was able to focus on the documentation I created and receive feedback and advise.
Plastipak Holdings
Guided Implementation
9/10
$68,500
90
worst: had formula issues with one of the tools best: our analyst, Petar - he was responsive, active in finding resolutions, and all-around very ... Read More
Ministry of Industry, Innovation, Science and Technology
Guided Implementation
9/10
$13,700
32
Louisville Water Company
Workshop
9/10
N/A
120
The highlight of the experience was the extensive amount of data collected, along with Safayat's valuable context explaining the purpose of the wor... Read More
Black & McDonald Limited
Guided Implementation
8/10
$10,000
6
Good high level overview of approach/offering. Difficult to estimate any savings at this point.
County of Stafford
Workshop
9/10
$100K
110
The RACI tool efforts were very time-consuming but necessary. Otherwise, it was a great experience.
City of Winter Park
Guided Implementation
9/10
N/A
5
Safayat is very knowledgeable. He seems to have a complete grasp of the subject matter. It was very easy to interact with him.
Flight Centre Australia
Guided Implementation
9/10
$13,700
10
Excellent engagement, validation our approach and gave us strong steer with regard to next steps, no bad aspects of the engagement
Goodwill Industries of Middle Tennessee, Inc.
Guided Implementation
10/10
$13,700
10
Mainstreet
Guided Implementation
10/10
$10,000
50
Safayat and Greg are patient and take the time to understand our requirements.
Kentucky Cabinet for Health and Family Services
Workshop
10/10
N/A
50
The ITRG team worked diligently with us before the workshop to better understand our priorities, and Erik did a great job tailoring the workshop co... Read More
PA Public Utility Commission
Workshop
10/10
$1.37M
120
As a regulatory agency, there are significant fines and consequences such as prison that result from improperly dealing with CSI (Confidential Secu... Read More
Community Living Toronto
Guided Implementation
10/10
$10,000
32
safayet was amazing and very thorough. please keep up the great work.
City of Santa Fe
Workshop
10/10
$68,500
50
The facilitation was great, and the material aligned to what we needed to meet the City's objectives.
United Nations International Computing Centre
Guided Implementation
10/10
N/A
N/A
Professionalism, flexibility and availability of the expert.
Commonwealth of Virginia - Office of the Attorney General
Guided Implementation
10/10
$2,603
20
Alan was very helpful and accommodating to our needs.
Ministry of Industry, Innovation, Science and Technology
Guided Implementation
8/10
$61,706
50
Central Bank of Barbados
Guided Implementation
10/10
N/A
N/A
Anu has a cheerful disposition paired with knowledge and experience. Thanks to her, we were able to advance our data discovery efforts for nine (9... Read More
Noble Research Institute, LLC
Guided Implementation
8/10
$2,519
5
Goodwill Industries of South Florida
Guided Implementation
10/10
N/A
10
Central Bank of Barbados
Workshop
9/10
$47,500
50
The best part was that Reddy’s expertise in this area was excellence guidance for us. He was able to not only describe the best practice approach t... Read More
Lawyers’ Professional Indemnity Company
Workshop
9/10
$16,000
90
Best part is in just 4 days we were able to achieve months worth of work.
Sterilite Corporation
Workshop
9/10
$31,499
50
Interdigital Communications
Guided Implementation
9/10
$27,719
10
City Of Issaquah
Guided Implementation
10/10
$29,609
120
Logan has been a great mentor! always on time and ready to help!
Forrester Construction
Guided Implementation
10/10
$5,039
3
Best part was that Alan was very knowledgeable and accommodating throughout the experience. He provided additional internal and external resources... Read More
American Transmission Company
Guided Implementation
10/10
N/A
N/A
This project wasn't about saving time or money, but was about defining a framework to consistently assess cyber threats and appropriate system secu... Read More
Deltec Bank & Trust Limited
Workshop
9/10
$69,299
120
The entire workshop experience was awesome. Reddy, years of experience were needed and appreciated to get through this workshop.
Kleinfelder Group
Workshop
10/10
$30,999
10
I don't have any negative feedback to provide. Cassandra was very supportive and accommodating in helping us move our data security program forwar... Read More
American National Insurance Company Inc
Guided Implementation
9/10
N/A
N/A
The advice given confirms the approach we are taking and is valuable in that respect.
Workshop: Discover and Classify Your Data
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Formalize the classification program
The Purpose
Key Benefits Achieved
Activities
Outputs
Develop a steering committee charter to provide oversight and leadership.
- A structured governance body to guide decision-making and ensure accountability.
Identify relevant regulations to align classification policies with legal and industry standards.
- A compliance-driven classification framework that reduces regulatory risks and enhances audit readiness.
Create a data classification policy to define how data is categorized and managed.
- Formalized definitions and requirements for operationalizing a data classification program.
Assign roles and responsibilities to stakeholders involved in classification efforts.
- Clearly defined RACI chart, ensuring effective enforcement and ongoing management of classification initiatives.
Develop a classification standard with handling requirements across classification levels.
- Consistent guidelines for data access, storage, retention, and protection, minimizing risks of misclassification or unauthorized access.
Module 2: Discover the data
The Purpose
Key Benefits Achieved
Activities
Outputs
Consider data governance and DLP solutions for automated and technology-assisted data discovery.
- Clear understanding of key attributes to evaluate when selecting a tool, ensuring the right fit for the organization’s needs.
Conduct interviews with data owners to gather business context and validate technical findings.
- A systematic approach for conducting data discovery interviews, ensuring alignment between business and IT perspectives.
Module 3: Classify the data
The Purpose
Key Benefits Achieved
Activities
Outputs
Assign classification labels according to predefined policies and sensitivity levels.
- A centralized and organized data inventory, ensuring that data is categorized consistently across the organization.
Use classification insights to streamline storage, retention, and archiving strategies.
- Improve efficiency by potentially eliminating redundant or obsolete data, while prioritizing protection for high-value assets.
Module 4: Plan to implement the program
The Purpose
Key Benefits Achieved
Activities
Outputs
Prioritize and track meaningful metrics using the Data Classification Metrics Tracking Tool.
- A list of key performance indicators (KPIs) to measure classification success, compliance adherence, and security improvements
Develop a plan for end-user awareness and training to ensure employees understand classification policies and responsibilities
- Improved user engagement and accountability, reducing misclassification risks and strengthening compliance.
Communicate program status and updates to leadership and key stakeholders through structured reporting.
- A customized program communication deck, fostering executive buy-in, cross-functional collaboration, and accountability.
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
You get:
- Discover and Classify Your Data – Phases 1-3
- Data Classification Steering Committee Charter
- Data Classification Policy
- Data Classification Standard
- Data Classification RACI Tool
- User Data Handling Requirements Tool
- Data Discovery Interview Tracking Tool
- Data Classification Verification Tool
- Data Classification Inventory Tool
- Data Classification Metrics Tracking Tool
- Data Classification Program Communication Deck
- Data Classification Awareness Pamphlet
- Data Classification Awareness Poster
Need Extra Help?
Speak With An Analyst
Get the help you need in this 3-phase advisory process. You'll receive 6 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Formalize the Classification Program
- Call 1: Establish a data classification steering committee.
- Call 2: Formalize data classification documentation.
Guided Implementation 2: Discover the Data
- Call 1: Plan data discovery.
- Call 2: Implement data discovery.
Guided Implementation 3: Classify the Data
- Call 1: Classify the data.
- Call 2: Maintain and optimize the program.
Contributors
- Charles Tatosi Chavapi, Information Security Manager, Tadebswana Mining Industry
- Jim Finlayson, IT Director, City of Grand Junction
- Diane Kelly, Information Security Manager, Colorado Judicial ITS
- Ken Dewitt, IT Director, Navajo County
- Liam Guan, Enterprise Information Management Advisor, Ontario Lottery and Gaming Corporation
- Leon Letto, Senior Technical Sales Engineer, AirWatch
- Jim McGann, Vice-President, Marketing and Business Development, Index Engines, Inc.
- Ian Parker, Head of Information Security, Risk and Compliance, Fujitsu
- Doug Waram, Director of IT, County of Wellington
- William Mendez, Information System Security Officer, City of Miami
- Claudiu Popa, President & CEO, Informatica Corporation
- Chris Whiting, Solutions Architect, APA Group
Assess and Manage Security Risks
Assess Your Cybersecurity Insurance Policy
Achieve Digital Resilience by Managing Digital Risk
Prevent Data Loss Across Cloud and Hybrid Environments
Build an IT Risk Management Program
Develop and Deploy Security Policies
Fast Track Your GDPR Compliance Efforts
Build a Security Compliance Program
Embed Privacy and Security Culture Within Your Organization
Establish Effective Security Governance & Management
Improve Security Governance With a Security Steering Committee
Develop Necessary Documentation for GDPR Compliance
Reduce and Manage Your Organization’s Insider Threat Risk
Satisfy Customer Requirements for Information Security
Responsibly Resume IT Operations in the Office
Master M&A Cybersecurity Due Diligence
Integrate IT Risk Into Enterprise Risk
Present Security to Executive Stakeholders
Deliver Customer Value by Building Digital Trust
Address Security and Privacy Risks for Generative AI
Protect Your Organization's Online Reputation
Develop an AI Compliance Strategy
Get Started With AI Red-Teaming
Achieve CMMC Compliance Effectively
Building Info-Tech’s Chatbot
Building the Road to Governing Digital Intelligence
An Operational Framework for Rolling Out AI
Discover and Classify Your Data
