Baseline for AIP policies

When I am delivering workshops for AIP to my customers, I regularly get the question that if I have a baseline for Sensitivity labels. I always answer with the same, it depends on your needs and requirements, but with this post, I want to show you, how you can start your content classification.

First of all, you have to think about naming and description, at first glance could be quite obvius, but when your end users start working on those labels, and they have to read names and description, this information will help them a lot, so, choose wisely and think twice.

My recommendation here is to ensure the real purpose of the label and a reflection of the terminology that uses the company. Once you have this, half of your work is done, then what you need to do is to create a description, explaining the contents that reflect the classification.

So.. what levels of AIP I am creating? the 4 following:

  • Public
  • Internal
  • Confidential
  • Secret

Public classification

The public classification label applies to information that is available to the general public and intended for distribution outside an organization. This information may be freely distributed without risk of harm. Any information that is produced for public consumption — such as news releases, job announcements, and sales brochures — are good examples.

Internal classification

The internal classification label applies to information that is used in business processes, and the unauthorized disclosure, modification or destruction of which is not expected to seriously affect the organization, customers, employees or business partners. Any information that is used in routine business matters — such as internal policy manuals and company phone lists — are good examples.

Confidential classification

The confidential classification label applies to information that is used in sensitive business processes, the unauthorized disclosure, modification or destruction of which will adversely affect an organization, its customers, employees or business partners. Examples of sensitive information include intellectual property, contract negotiations, most personnel matters, personally identifiable information, protected health data, bank account numbers and payment card information of customers and employees.

Secret classification

The confidential classification label applies to information that is used in extremely sensitive information business processes, which the unauthorized disclosure, modification or destruction of would seriously harm the organization, its customers, employees or business partners. Examples for health organizations include medical records relating to mental health, sexually transmitted diseases… Examples for other organizations include documents used in mergers, strategic plans and litigation.

AIP AutoApply Label not working as expected

I have been testing auto apply label in some scenarios, but what I have discovered is that AutoApply Label is not working when I activate the autosave toogle in Word (for example):

I’ve been testing the same policy under different circumstances (Windows 10 + Office 2101 C2R)

Turned ON AutoSave for synced libraries (Default On):

Tested to create a new Word.docx where AutoSave in ON and then added keyword in doc to trigger AutoApply label.

After hit Safe nothing happens, no label applied (or suggested)

Turned OFF AutoSave for synced libraries (Default On):

Tested to create a new Word.docx where AutoSave in OFF and then added keyword in doc to trigger AutoApply label.

After hit Safe the Auto Apply label suggests me to change label.

But after digging some more, I was aware that If I used the built-in labeling client in Word it works with or without autosave. Strange isn’t it? I do not know if it’s a limitation or what…

I will keep tracking that problem…