Data Classification in NoCode-X
Understanding Data Classification
Data classification is embedded throughout the NoCode-X platform to ensure effective management of sensitive information. It aims to unburden creators while providing state-of-the-art assurance on regulatory compliance to information owners. This classification acts as a transparent safeguard for sensitive information, applied on top of the already high security standards and practices of the NoCode-X platform.
Available Classification Labels
Classification Label | Description |
---|---|
Secret | Only to be accessed by a very limited set of people in the organization. Disclosing this information could lead to very high or existential impact. |
Sensitive Personal Information | Information relating to data protection that is highly sensitive, such as medical, financial, and criminal records. This requires fine-grained control to avoid compliance issues. |
Confidential | Accessible only to specific groups and should not be exposed in an unauthorized manner. Disclosing this information could lead to high impact. |
Restricted | Accessible only to specific groups and should not be exposed in an unauthorized manner. Disclosing this information could lead to medium impact. |
Unrestricted | Not intended to be made public, but there is no high risk of disclosure. |
Public | Intended to be made public, with no risk when this information is disclosed. |
Additional Measures Enabled
Measure | Description |
---|---|
Identify | Clearly identify your data processing in the scope of resilience, compliance, and data protection. |
Protect | Enable application-level encryption to protect sensitive information from unauthorized access. |
Detect | Alerts the creator if information is exposed in an unauthorized manner when deployed to production. |
Respond | Enable full auditability for create, change, delete, and read access, ensuring accountability without affecting performance. |
How to Enable Data Classification
- Go to Data Format by pressing Alt + F.
- Open the data format.
- Go to Properties.
- Select the attribute of the format.
- From the dropdown box, select a data classification label (e.g., Secret, Medical, Confidential).
By default, information is considered to be Restricted and has unauthorized access blocked.
Mapping Data Classification to ISO Standards
Data classification makes a critical contribution toward meeting the control objectives set by various ISO standards. Below is a mapping table outlining the relationship between data classification measures and the corresponding ISO controls:
ISO Standard | Relevant Control/Clause | Description/Contribution |
---|---|---|
ISO/IEC 27001 | A.8.2 – Information Classification and Handling | Ensures assets are classified appropriately so that subsequent handling, access control, and protection measures are in accordance with sensitivity. |
ISO/IEC 27001 | A.9 – Access Control | Data classification informs access restrictions so that only authorized users can access sensitive and confidential data as defined by internal policies. |
ISO/IEC 27001 | A.10 – Cryptography | Classification dictates the level of encryption required – particularly for "Secret" and "Sensitive Personal Information" categories. |
ISO/IEC 27001 | A.18 – Compliance | Supports the identification and fulfillment of legal, regulatory, and contractual requirements relating to data protection and secure handling of information. |
ISO/IEC 27017 | Cloud Security Guidelines | Helps in defining security controls for cloud data by ensuring that data classification is applied to data stored and processed in cloud environments. |
ISO/IEC 27018 | PII Protection Controls | Guides measures to protect personally identifiable information (PII) by applying fine-grained classification and ensuring rigorous controls over sensitive data. |
Conclusion
The data classification mechanism on the NoCode-X platform is a comprehensive solution designed to protect sensitive information by categorizing data according to defined security levels. Through the implementation of additional security measures (Identify, Protect, Detect, and Respond) and integration with existing high security standards, the platform not only meets but exceeds regulatory requirements.