Data Classifications

This section provides information about Data Classification capabilities in the Amorphic platform.

Data Classification Overview

Data Classification allows organizations to categorize data assets based on sensitivity, compliance requirements, and business value to ensure appropriate security controls and handling procedures.

Classification Levels

• Public: Data that can be freely shared with minimal restrictions
• Internal: Data intended for internal use within the organization
• Confidential: Sensitive data with restricted access
• Restricted: Highly sensitive data requiring stringent access controls
• Regulated: Data subject to specific regulatory requirements (HIPAA, PCI DSS, GDPR, etc.)

Classification Process

The platform supports automated and manual classification of data assets:

• Automated pattern recognition and scanning
• ML-based classification suggestions
• Manual tagging and validation workflows
• Inheritance of classifications from source systems

Using Classifications

Data classifications can be used to:

• Apply appropriate access controls
• Configure data masking and encryption
• Implement data retention policies
• Generate compliance reports
• Manage data sharing and export controls

Best Practices

When working with Data Classification, consider the following best practices:

• Establish clear classification guidelines and definitions
• Train users on proper classification procedures
• Regularly audit and validate classifications
• Implement classification as part of the data ingestion process
• Use classifications to drive automated security controls