Contents

Summary

Data classification is the categorisation of information, helping to show the sensitivity of data and information within DfE and is an essential part of our data management processes.

Categories

The categories applicable to this standard are:

Information and Data Management
  • Data Governance
  • Data Lifecycle
Security
  • Information Security

Purpose

Correct classification brings consistency and improves understanding. helping to determine how data should be accessed, handled, stored, used and shared.

A uniform approach to data classification will give consistency, improve understanding and governance of data and information within DfE. It informs the department to implement the right management, security, usage and retention decisions.

Correct classification makes sure appropriate protection is applied to all data and information held. It will also help determine how data should be accessed & handled, ensuring sensitive and confidential data remains secure.

How to meet this standard

To be compliant, you need to ensure data and information is classified using the cross-government standards.

What all DfE staff, including consultants, contractors and third party suppliers must do

  1. Ensure data and information is classified based on the Government Security Classification and handling instructions as mandated by the Cabinet Office.

What Data Stewards must do, in addition to the Government Security Classification

  1. Classify data using the risk of identification table, each data attribute must have an appropriate rating applied (1 to 6).
  2. Classify data using the sensitivity of identification table, each data attribute must have an appropriate rating applied (A to E).
  3. Classify data as personal data or special category data, if applicable.
  4. Ensure data classification labels and their usage is reviewed on an annual basis and / or when changes are notified to them by the Cabinet Office.
  5. Ensure relevant subject taxonomy terms are applied, if applicable.
  6. Ensure critical data is identified and where applicable the Essential Shared Data Asset (ESDA) term applied.

See Gateway to Data Compliance (DfE Intranet) for more details on how to apply this standard.

Declaring conformance with this standard

Conformance with the standard must be recorded every 12 months.

Owner and contacts

Standard owner
Saheel Sankriwala
Chief Technology and Data Officer
Other point of contact
DDT Standards
Team