Data Classification – Quick Review
-
Tech Mahindra Data Classification policy requires electronic information to be classified, as either “Company Confidential”, “Restricted” or “Public”.
- Use Company Confidential classification, when the data is created, or to be used internally, within Tech Mahindra.
- Restricted classification is used for data, which needs to be restricted, to pre-defined associates, groups, functions, or business units.
- Public means any data, which can be shared to everyone, including inside, and outside, Tech Mahindra.
- While saving a document in Microsoft word, excel or Power-point, or while sending an email, using Microsoft outlook, or web Email, a Sensitivity label must be applied.
How will Labels be applied?
-
To classify emails, using Microsoft Outlook and Webmail, On the Message tab, select the Sensitivity button on the ribbon, as indicated in the image, and then select, one of the labels that has been configured.
- If Show Bar is enabled on the Sensitivity button, you can select a label from the Azure Information Protection bar directly.
Different Labels to be applied.
Choosing the right Sensitivity Label is an essential step in protecting the data, and ensuring, the data is right, and legal usage, as intended, or as per contract. Mentioned here are the labels, based on classification of data, along with some examples, indicating when they are used.
- Documents Classified as Public, indicate the data, which can be shared with everyone, including inside, and outside, Tech Mahindra. For example, an approved, Press release by the Marketing Team. Such documents are not encrypted, and can be read or accessed, by internal and external parties.
- “Confidential – Internal Use”, and “Confidential – External Use”, are to be used with data, that are classified, as Company Confidential. These documents are created for Tech Mahindra internal purposes, or for customer deliveries.
- “Confidential – Internal Use”, is to be used, for example for Tech Mahindra Policy Documents, or Process Documents, published on Tech Mahindra BMS, or project documents, used and referenced, within Tech Mahindra.
- Similarly, when an email is intended to be circulated within Tech Mahindra only, “Confidential – Internal Use”, label is to be applied.
- For documents, created for customers, or partners, and while exchanging email, with customers, or sharing Tech Mahindra information, such as Job Descriptions, with vendors, or offer letters, with potential candidates, the label “Confidential – External Use”, is to be made use of. These emails will not be encrypted, however, monitoring of any confidential information, going outside Tech Mahindra domain will still be done.
- The “Restricted” classification is to be used, for data, which needs to be restricted, to pre-defined associates, groups, functions, or business units. A good example would be a statement of work, or architecture documents, for a potential project, that needs to be exchanged, with vendors, and partners, but is sensitive, and cannot be disclosed.
Here, the label, “External Use – Do Not Forward and Print”, should be used.
- Likewise, for internal Tech Mahindra sensitive information, such as Appraisal Discussions, Background Verification Reports, that need restricted circulation, and print protection, the label, “Internal Use – Do Not Forward and Print”, is to be used.
- Sensitive documents, within a project or account, that should not be accessible outside the project, the label “Internal Use – Full Control”, can be used. This will enable the team to freely exchange information, within themselves, or update as needed.
Please refer to the link below for the detailed session.