Module · Compliance Enablers

DataClassification

A.5.12–A.5.14: Classify, Label, and Handle — With Proof

Controls A.5.12 to A.5.14 require information to be classified, labelled, and handled according to its sensitivity — including transfer rules. This module maintains the data type inventory behind those controls: each data type with its classification level, handling rules, encryption requirements, and retention. It turns the classification policy from a table in a PDF into an operational register the whole ISMS can reference.

All Modules
Before → After

The problem we solve.

Why teams switch to Compliance Enablers for data classification.

Industry challenges

  • The classification policy defines four levels — but nobody can list which data sits at which level
  • Handling rules live in a PDF appendix that staff have never opened
  • Encryption requirements are asserted in questionnaires without a register to back them
  • Privacy, security, and retention teams each keep their own conflicting data inventories

How we solve it

  • A central data type register with classification, handling, encryption, and retention per entry
  • Operationalizes A.5.12–A.5.14 as living data rather than policy prose
  • Definitive reference for security reviews, audits, and customer questionnaires
  • One inventory shared across security, privacy, and governance functions
Capabilities

Built for depth,
out of the box.

Every capability is production-ready on day one. No add-ons, no extra subscriptions.

Flagship capability

Data Type Inventory

Register the data types your organization processes — customer records, credentials, financial data, source code — each with an assigned classification level.

Classification Levels & Labeling

Apply your classification scheme consistently across data types, supporting the labeling requirements of A.5.13 with a single authoritative source.

Handling Rules per Classification

Document handling rules for each data type — who may access it, how it may be shared, and how it must be transferred — operationalizing A.5.10 and A.5.14.

Encryption Requirements

Record the encryption expectations for each data type at rest and in transit, giving security reviews and questionnaire responses a definitive reference.

Retention Mapping

Capture retention requirements alongside classification, connecting security handling with privacy and records-management obligations.

The impact

Why it matters.

One authoritative register answers what data do we hold and how must it be treated
Classification decisions are consistent because they are made once, centrally
Handling and encryption rules are findable by the people who need to follow them
Privacy, security, and retention views of the same data finally agree
Unified data model

Part of a connected whole.

Data Classification shares a unified data model with every other module. Zero silos, by design.

Asset Inventory
Privacy Management
Document Management
Evidence Collection
Explore all 52 modules
14-day free trial · no card required

See Data Classification
in action.

Book a 30-minute demo and we'll walk you through data classification tailored to your team, frameworks, and priorities.

Book a Demo