Data Classification Project

The Client
The client is a major New York State agency that conducts and oversees various government operations.

Project Background
The client agency generates and retains massive stores of information — including paper files, reports, employee and citizen records, and myriad types of electronic data.  The agency sought a better means for managing this information through its life cycle by adopting a new data-classification process.  Evolved from the 19th Century British system of categorizing government documents as “Top Secret,” “Confidential,” and other protective designations, data classification provides a method for facilitating the secure, effective, and efficient use of data.  Based on the job function of each person who needs to review or manipulate information, this process establishes standards for the use, access, and disclosure of information on a “need to know” basis, and guarantees the confidentiality, integrity, and availability of the information.

Project Summary
The agency hired NYSTEC to develop a data-classification schema, process, and associated controls to ensure that information would be protected throughout its life cycle.  NYSTEC was tapped to develop processes, tools, and documentation to classify the agency’s huge repositories of structured information (stored in data warehouses) and unstructured information (electronic files stored in file shares or paper form).

How NYSTEC Helped
Calling upon its extensive experience with information security and data classification, NYSTEC developed a process to classify all information created, used, and stored by the agency.  NYSTEC took the lead in developing a data-classification standard to serve as the agency’s charter regardless of whether the information is stored on paper or electronically, or how it is used and transmitted.  The standard defined the agency’s Data Classification Schema, or the four categories under which each of its information types would fall: “Restricted Confidential,” “Confidential,” “Internal Use Only,” or “Public.”  The standard also defined the roles and responsibilities of each information owner, custodian, and user.  In addition, NYSTEC collaborated with the agency to develop controls for each level in the schema to protect the agency’s information throughout its life cycle.

Integral to the process were sessions that NYSTEC facilitated with an agency business unit to identify and classify all of its information assets.  From these sessions, NYSTEC specialists developed a data-classification toolkit for the entire agency, including the identification of appropriate controls to protect information from creation to disposal.  At the project’s conclusion, NYSTEC provided a complete and sustainable data-classification process that other agency business units will use to safeguard and manage their information assets.