Data Classification — Study Guide
Review these materials before taking the exam. All links open in the Krumware Confluence IO space.
Key Concepts
- 4-tier system: Public (Level 1), Private (Level 2), Confidential (Level 3, the default), Highly Confidential (Level 4).
- Default rule: All data is Confidential (Level 3) until explicitly classified otherwise.
- When in doubt, go higher. Over-protecting is always better than under-protecting.
- Credentials, API keys, and secrets are always Highly Confidential (Level 4).
- Approved storage: Google Workspace, Atlassian, GitHub (private repos), cloud services. Secrets go in Vault/KMS/GitHub Secrets only.
- Prohibited storage for Level 2+: Personal email, personal cloud, USB drives, AI tools that retain inputs, unencrypted devices.
- Reclassification: You're responsible for reclassifying data you own when context changes.
Policy References
| Document | Relevance |
|---|---|
| TRN-002 Data Classification Guide | Full training guide — decision tree, examples, common mistakes |
| POL-002 Data Protection Policy | Governing policy — data classification tiers, retention, disposal, client data handling |
| POL-007 Acceptable Use & Communications Policy | Where and how data may be stored and transmitted |
| STD-002 Encryption Standard | Encryption requirements for data at rest and in transit |
Related Evidence & Inventories
| Document | Relevance |
|---|---|
| EVD-001 Enterprise Asset Inventory | Tracks devices that store classified data |
| EVD-002 Software Inventory | Approved software for handling classified data |