Last week my colleague Libby Robinson wrote about the enhanced automated classification capabilities of the new TITUS Classification Suite 4.4. While TITUS can automate classification better than ever, Libby nonetheless concluded that: “it is best practice to deploy a combination of user-driven, system suggested and automated classification.” If you read the TITUS blog regularly, I’m sure you are familiar with user-driven classification and its importance to the organization. But what is “system suggested classification” and when would an organization use it?
With “system suggested classification,” the TITUS policy engine runs the same evaluation policies as are performed during the automated classification process (based on content, context, the user, the recipient, etc.). The key difference is that a user is prompted to confirm the automated classification results and is able to quickly adjust the classification if the automated process was deemed incorrect.
It should be noted that suggested classification is not the same as a default classification; suggested classifications are not static. When the user is presented with the classification prompt the suggested classification value could be different each time. As a result, users will need to consider the classification and potentially make adjustments or add secondary classifications.
We know that automation is a natural fit for machine-generated files, while user-driven classification is ideal for intellectual property. So, when would an organization choose to implement suggested classification?
- When users are new to classification and there is some concern they may make the wrong choices, it might be helpful to provide suggested classifications.
- In highly regulated industries where the oversharing of information – even within the same organization – can lead to penalties, suggesting a classification can help keep users from making mistakes.
- For organizations or departments engaged in a lawsuit, merger, or other delicate affair, suggested classifications could be triggered if specific terms or recipients are detected.
- For users who process a lot of large files, TITUS could perform a content scan of hundreds of pages to locate that one piece of PCI, PII or PHI that would be very difficult for the user to detect.
How you choose to classify is as flexible as your needs, and can vary by user, by group or by process. For example, your accountant might access reports from your ERP system that were auto-classified, analyze the data in a spreadsheet where suggested classification is used, and then send a summary of the report via email where she (and the entire accounting department) is required to choose the classification manually.
Where would you see suggested classification coming into play?