Establish topic-particular policies on classifying information, align it to access control policy, and account for privacy, integrity, and accessibility. Classifications should include conventions and criteria for review, and be consistent throughout the organization. Owners should be accountable and assets instead of information can be classified. The classification can be determined by the impact of compromise and should be updated accordingly. Agreements with other organizations should include procedures to identify classification and handle different schemes.
Conformance1
Tools for conforming to standards, goals and processes
