Chris works at a Fortune 500 company who are subject to the ISO 27001 standards and are evaluating Confluence as their central knowledge base solution.
One of the primary requirements is the classification of data relating to its sensitivity. For example, financial records should be classified as a restricted document and should only be visible to a subset of company employees. On the other hand, a company policy (e.g. travel policy) would be classified as internal use only and should be visible to all employees.
By using Compliance for Confluence, Chris has a solution that can help meet this obligation and classify data that need to be restricted.
Configure Classification Levels
Automated Page Restriction
Mandatory Page Classification
Reporting on Classifications
After deciding to proceed with using Confluence for internal knowledge sharing, Chris installs the Compliance for Confluence App on the company system.
Chris' company uses a specific data classification system with the labels:
Sensitive - information that presents the greatest danger if it was lost or disclosed. Only limited audiences should have access to this information.
Restricted - only people with a need to know should see this information. Its loss or disclosure would pose a moderate to major risk.
Internal Use - commonly available to all employees. This information would pose only a minor risk if it was lost or disclosed.
Public - this data is freely available to the public and employees. It requires no special protection.
Compliance for Confluence allows Chris to customize the classification levels to match his organization. The App allows you to set and customize 4-10 classification levels with their own color and description.
Chris organizes company training explaining how to set the classification levels on Confluence pages. This training allows company staff to classify their Confluence pages from the top of the page or when editing a page.
In order to manage existing content, Administrators can use the bulk change feature to apply data classification across their Confluence Spaces retrospectively.
After a suitable trial period, the company decides they would like to continue using Compliance for Confluence and proceeds to enable a number of additional features, including:
Automated Page Restrictions - restrict visibility and access to pages based on their classification level. These restrictions can be applied to users and groups (e.g. groups from Active Directory)
Mandatory Page Classification - require your employees to classify Confluence pages when they are creating or modifying content. With this feature it prevents employees from saving or publishing this page without setting the classification level.
Display Classification Levels on Exported Content and Print Outs - some organisations require all content to display the classification level of their documents. This feature adds the classification label to the top of the page when exported or printed.
At his monthly meeting, Chris' manager asks for a progress update on the data classification of pages in Confluence. He asks Chris for a report. Using Compliance for Confluence, Chris can quickly respond to his manager’s request using the features below:
View Classification Level Statistics - retrieve an itemized report on each Confluence Space and the number of pages that have been classified under each level. This also includes pages that have yet to be classified.
Find Pages with Pending Classifications - use the Compliance for Confluence browser to find pages and their classification level. This will provide you with an insight on which pages have been classified and which pages have not yet been classified.
These two reports give Chris the information he needs to satisfy his managers request but also provides actionable information to follow up with other employees and ensure pages are being classified as expected.
As you can see, Compliance for Confluence gives you a great way of understanding what information is being stored in your system and helps you to comply with regulations. The App can be used to fulfil basic obligations but also contains features that gives businesses greater control over their employees use of Confluence.