Governance Catalog

Data Classification

Data Classification plays a key role in information security and compliance programs (HIPPA or GDPR) by enabling controlled access to sensitive data (PII) or most critical assets in the application using Terms. The data objects can be classified based on predefined Classification criteria such as privacy, confidentiality, data sensitivity, and other compliance regulations to have a level of security on who can access the data objects.

There are several aspects of data classification, which are outlined below:

  1. To view data objects with associated Terms based on selected Domain and Classifications for different Object Type tabs in one comprehensive screen (Business Glossary / Tables / Table Columns / Files / File Columns / Reports / Report Columns).
  2. Identify unclassified data objects i.e. data objects without any term associated.
  3. To bulk update the Term or Tags for unclassified data objects.
  4. Classifying enables you to quickly find and locate the data to make data-driven decisions in everyday practice. You can consciously choose to allocate Terms to data objects and segregate the data objects in the application to the extent to which the data needs to be secured and not exposed to unauthorized users.
  5. Run AI recommendations on  unclassified Table columns to obtain Term recommendations. You can select domains and categories to suggest  Terms for columns created under the selected Domain or Category.
  6. Helps to define security controls like Masking & Restricting assets on sensitive data.

final data classification

Data Classification, Domain, and Terms

To understand how Data Classification is implemented and works,  you first need to understand the concept of Domain and Categories. Domains are high-level business units of an organization and are divided into different groups of entities. There can be multiple domains for an organization and each domain can have its own hierarchy that is independent of other domain structures.

Example: If XYZ organization is dealing with multiple business sectors that include Aviation, Health care, Banking, and Textiles, these can be considered as different domains of that particular organization.

A domain can be both Categorized and Classified.

  • Data Categorization is all about segregating similar data into different categories. This way, you can categorize all your business glossary terms and the underlying data objects into a hierarchical structure under each domain.
  • Classifications can be configured for a domain based on the confidentiality of the data,  Business units (HR, Marketing, R&D), or based on compliance and regulations. Examples of Data Classifications include, but are not limited to the following data elements.

Example: If Pharmaceutical Domain is considered, then it can have multiple categories and subcategories under it:

  1. Manufacturing (Category)
    1. Complex Generic Drugs (Sub Category)
    2. Patented Drugs (Sub Category)
    3. Active Pharma Ingredients (Sub Category)
    4. Special Empty Capsules (Sub Category)
  2. Marketing (Category)
  3. Distribution (Category)
    1. Direct Sale (Sub Category)
    2. Retailer (Sub Category)
    3. Wholesaler (Sub Category)
    4. Agent (Sub Category)
  4. Diagnostic Division

data classification image

Example: Few of the data assets in Patented Drugs (Sub Category) and Active Pharma Ingredients (Sub Category) can be considered highly confidential and grouped into a Highly Confidential classification. Data in Diagnostic Division can be classified as Internal Use, while data in Marketing and Distribution data can be classified as Public use.

Unclassified Data Objects

Unclassified data objects are the ones that do not have any Terms associated with them.  

Classifying Data Objects

In OvalEdge, the Business Glossary Terms govern the entire data. 

  • A single Term can be applied to multiple data objects in the application. However, a data object can have one Primary Term and multiple auxiliary Terms assigned to it. 
  • A New Term is created under a specific domain, and the Term inherits all the properties of the Domain. The classifications inherited from the Domain can be selected and applied to the Term based on the business requirements.
  • If this Term is applied to a data object, then the data object gets inherited with the Term classification defined for that specific Term. For instance, if a Term is associated with the Banking domain > Internal Use classification > then all the objects associated with the Terms get classified into Internal Use classification, and internal users in the organization can view all the data by restricting access to public users.
  • Terms thus help to group or segregate unclassified data objects to classified data objects.
  • The data object associated with a Term inherits the classification applied to the Term. 

Getting started with Data Classification

The Data Classification Interface helps you to view the entire terms existing in the application in the Business Glossary tab and displays the data objects associated with a term in the respective data objects (Table, Table Columns, File, File Columns, Reports, and Reports Columns) tabs.

It also helps you to view the data objects based on classifications and run AI recommendations.

data classification

The Data Classification home page displays the following details:

Select Domain

The interface contains a Select Domain filter enabled in the top right corner. Select a Domain to see the defined Categories and Sub-Categories associated with the domain displayed.

Configure Classification

The Configure Classification button displays the different classifications associated with the domain. 

Unclassified

The Unclassified checkbox is not shown for Business Glossary object Type. 

The checkbox is enabled for Tables /Table Columns / Files / File Columns / Report / Report Columns.

Select the checkbox to view the unclassified objects i.e., objects without any Terms (indirectly classifications) associated with them in respective object type pages.

Refresh

Press refresh to update any latest changes made to the objects and classifications.

Nine Dots 

Using the Nine Dots icon you can perform the following user actions:

  • You can Add Tags, Remove Tags, and Update Terms for selected unclassified objects.
  • You can Add Tags and Remove Tags for selected classified objects (associated with Terms).
  • For Table Columns, you can Run AI Recommendations for unclassified objects.

    Domain

    Displays the Domain Name of the object.

    Term

    Displays the Term associated with the object.

    Business Description

    Displays the Business Description of the Domain.

    Tags

    Displays any Tags assigned to the object.

    Status

    Displays whether the associated Term is in Draft or Published state.

    Steward

    Displays the Steward name associated with the domain.

    Custodian

    Displays the Custodian name associated with the domain

    Owner

    Displays the Owner name associated with the domain

    Gov Role 4,5,6

    Displays the respective Gov. User Roles associated with the domain.

    Created By

    Displays the user who created the Domain.

    The Classification process is broken down into two major sections:

    1. Creation of Domain, Configuring Classifications to a Domain, Creation of Term - Applying Configurations, and Publishing of Terms. 
    2. View Classified Objects, Unclassified Objects, Associate Terms to unclassified objects, and Run recommendations on unclassified Table column objects.

    Viewing Classified Data Objects

    To view Classified data objects, 

    1. Select a domain from the Domain drop-down, which displays all the domains and associated Categories (if any configured)  in the OvalEdge application.
    2. The grid displays all the data objects associated with the Term created under the selected Domain.
    3. You can further refine and view the data objects associated with a specific classification configured for the domain using the Configure Classification button. 
    4. Click on the Apply button to view the data objects associated with the selected classification under different Object Type tabs.

    Viewing unclassified objects

    Unclassified Objects are those that do not have any Terms associated. The Unclassified checkbox is enabled for the different object type tabs Tables / Table Columns / Files / File Columns / Reports / Report Columns excluding Business Glossary Tab.

    To view Unclassified Objects

    1. Select the Unclassified checkbox from a specific Object Type page to view objects across the application that do not have a Term associated.

    Associating Terms to Unclassified Object(s)

    1. Select the Unclassified checkbox from a specific Object Type to view all the objects in the applications that do not have a Term applied.
    2. Select data objects(s). You can select all the objects (select the global selection checkbox in the header column)  to bulk update the Objects with a Term.
    3. Upon selection of the data object, click on the Nine Dots icon.
    4. Select the Update Term option.
    5. The ‘Add Terms’ pop-up is displayed with a search icon. Search for the term, and the relevant term suggestions are displayed in the drop-down list.
    6. Hover on to a Term to see a + icon. Click on the +icon to add the term to the object(s).
    7. Once a Term is added to an object, it no longer appears in the unclassified objects list.

    Note: Users with OE_Admin role, Owner, Steward, Custodian, or user with Meta Write access can add/update Terms for the object.

    Term Recommendations 

    When a connection is crawled, and any new data objects are added to the application, the AI recommendations help to classify PII or confidential data. 

    Recommended Terms are the Term suggestions given to unclassified objects based on many parameters. The AI recommendation algorithms in the backend work on Smart Score and use the Table profile, metadata, title, and other parameters to work out the object-term relevance. It picks the relevant objects for the PII terms and shows the Terms in the recommendations.

    You can use the recommended terms to validate and apply the recommendations in a single click. Once the recommendations are applied, the data assets will be classified instantly.

    Term Recommendations are enabled only for Table column objects. There is a provision given for the unclassified data objects in the Table Column tab, to view or apply the Recommended Terms based on the object-term relevance. 

    Note:

    1. The AI Recommendations are more relevant and accurate if there are any existing  classified objects in the application based on which the Terms are recommended for other unclassified data objects.
    2. In the Business Glossary - Term Detail Page  - Associated  Data - Table columns -  at least one Table column should be associated with a Term (classification) based on which the Terms are recommended for other unclassified data objects in the Data Classification -Table Column.
    3. The Term should be in a Published state to run the recommendations.

    To Run Recommendations for unclassified Table Columns,

    1. Go to Data Classification > Table columns Tab.
    2. Click on the Nine Dots icon to select Run AI Recommendation Job on the unclassified option.
    3. A  ‘Run AI Recommendation on unclassified’ pop-up window is displayed on the screen.
    4. Select the domain from the drop-down menu and click on the Run button. A job is triggered, and you can view the status of the job from the Job module. The job status can be Init/Waiting/Running/Success/Failed/Partial Success/ Killing/Killed.
    5. Once the job is executed successfully, click on the Logs view icon. The Logs values are displayed.
    6. In the Log Value, the recommendation count is mentioned for Term ID Ex: 2465 is 51, capture the Term Id (Ex: 2465) and search for the Term in the Business Glossary, all the recommendations associated with the Term are displayed in the Recommendations tab. 
      run recommendations final
    7. You can click on the approve icon on the matching column name, the term will be assigned for the approved table column.
      Note :
      1. In the Business Glossary - Term Detail Page  - Associated  Data - Table columns -  at least one Table column should be associated with a  classified Term based on which the Terms are recommended for other unclassified data objects in the Data Classification -Table Column.
      2. The term should be in a Published state to run the recommendations.
      3. The AI Recommendations are more relevant and accurate if there are any existing  classified objects in the application based on which the Terms are recommended for other unclassified data objects.

    Adding/Removing Tags to the data object(s)

    Tags are search keywords or labels added to the data objects to easily find and locate the data objects in the application. Each Tag can be applied to multiple data objects. Also, each data object can have one or multiple tags assigned to it. You can add/remove Tags to the data objects.

    To add Tags,

    1. Go to Governance Catalog > Data Classification.
    2. Select the data object type (Table/File/Report)
    3. Select a Domain and Category - Sub Category (if any).
    4. You can select all the objects ( select the global selection checkbox in the header column)  or individual data object(s).
    5. Upon selection of the data object, click on the Nine Dots icon.
    6. Select the Add Tags option.
    7. An ‘Add Tags’ pop-up is displayed on the screen enabled with a search icon. Search for the tag, and the relevant tag suggestions are displayed in the drop-down list.
    8. Hover on to a Tag to see a + icon. Click on the +icon to add the tag to the object(s).
    9. All the selected data object(s) are organized under the respective tag.
      Note: Users with Meta-Write permissions can only add/remove tags.

    To Remove Tags,

    1. Go to Governance Catalog > Data Classification.
    2. Select the data object type (Table/File/Report)
    3. Select a Domain and Category - Sub Category (if any).
    4. You can select all the objects ( select the global selection checkbox in the header column)  or specific objects.
    5. Upon selection of the data object(s), click on the Nine Dots icon.
    6. Select the Remove Tags option.
    7. A ‘Remove Tag’ pop-up is displayed on the screen displaying all the assigned tags to the object in the drop-down list.
    8. Hover on to a Tag to see a - remove icon. Click on the - icon to remove the assigned tag from the object.
      Note: Users with Meta-Write permissions can only add/remove tags.

    Downloading Data Objects

    To download the Data Objects from the Data Classification,

    1. Go to Governance Catalog  > Data Classification.
    2. Click on any of the Object Type Tab data objects you wish to download (Business Glossary, Tables, Table Columns, Files, and Reports).
    3. Click on the download button located in the bottom right of the page to download, the selected data object(s) details are downloaded to your desktop in excel format.

    Copyright © 2019, OvalEdge LLC, Peachtree Corners GA USA