DailyWF / Policies
Data Classification
Define simple levels for data sensitivity and required handling.
Policy intent
Data Classification should express a rule people can follow under pressure: what is expected, what is prohibited, who can approve exceptions, and what evidence is required.
Minimum content
- Define who and what the policy covers, including systems, data, tools, users, vendors, and exceptions.
- Purpose, scope, and covered parties.
- Required behavior and prohibited behavior.
- Approval, exception, and review path.
- Evidence or recordkeeping expectation.
Expected output
A policy page that states expectations clearly enough to guide approval, exception, and review decisions.
Common failure mode
Keeping the document as a form instead of using it to make decisions visible.
Use notes
| Authority | Identify who can approve, deny, and grant exceptions. |
|---|---|
| Exception handling | Give exceptions an owner, reason, expiration, and review date. |
| Review point | Review when law, tools, contracts, ownership, or operational risk changes. |
Related pages
- AI Assisted WorkDefine acceptable use of AI tools for drafting, analysis, automation, and sensitive data.
- Acceptable UseDefine responsible use of systems, accounts, data, and shared resources.
- Access ReviewDefine how access is reviewed, changed, approved, and removed.
- Change ManagementDefine when changes require review, approval, notice, or rollback planning.
- Incident NotificationDefine who must be notified when incidents affect service, data, obligations, or reputation.
Use this with a tool
Find related documents, copy a checklist, or request a missing workflow.