Data Classification Matrix
Total Enterprise Security Solutions has a great data classification matrix here.
This matrix would make a good appendix to your Data Classification Policy.
It categorizes data into non-sensitive (non-controlled and controlled) and sensitive (critical information and restricted information). It also has examples and criteria for each category plus ten handling standards:
- Release to Third Parties Standards
- Transmission by Post, Fax and E-mail Standards
- Transmission by Spoken Word Standards
- Print, Film, Fiche, Video Standards
- Copying Standards
- Storage Standards
- Destruction Standards
- Physical Security Standards
- Access Control Standards
- Audit Standards
An archive of the data classification matrix is here: Data Classification Matrix
Very useful info–check it out!