 Hello and welcome to the session in which we will discuss data classification and data taxonomy Both concepts data classification and data taxonomy are important If you want to understand the concept of data governance and management strategies Those are important component of data policies and procedures So you need to understand what is data classification and what's data taxonomy data classification is the process of Categorizing data based on what based on the level of sensitivity and its importance to the organization The easiest method or the best example I can give you is when the government designs something top secret It classify the files as top secrets And obviously I have top secrets and I have the former president trump and the current president biden And if you follow the news, you know, what's going on Sometimes they get confused of what's Top secret and what's not they take some files with them But the point is this is what we mean by data classification. How important is that topic now for companies? It may not be considered top secret, but we have other classification, which we will discuss shortly in an example Why do we classify the data to ensure that certain data of the data is sensitive? It's properly protected because not all data Should have the same classification not all data sensitive not all data is confidential Some data is Internal some it's external some public some sensitive and for the government some secret and some top secrets Okay, this is what we mean by data classification Data taxonomy on the other hand is the process of organizing the data Into a hierarchical structure such as grouping similar data together and providing a way to describe and understand the relationship between different data elements And data taxonomy on the other hand is we are looking we're grouping similar data together why Because every data is considered at the end of it. It's a data element. It's a data of some sort What we do is we group those data together And we provide a description to know what pool of data Are we working with now the best way to illustrate these concepts data classification and data taxonomy Is to look at an actual example Before we proceed any further. I have a public announcement about my company farhat lectures dot com Farhat accounting lectures is a supplemental educational tool That's going to help you with your cpa exam preparation as well as your accounting courses My cpa material is aligned with your cpa review course such as becker Roger wiley gleam miles My accounting courses are aligned with your accounting courses broken down by chapter and topics My resources consist of lectures multiple choice questions true false questions as well as exercises Go ahead start your free trial today. No obligation. No credit card required So for the example, let's assume we are dealing a health organization So the first thing i'm going to show you What could be potential data classification for a health organization? Obviously those Classification are made up. You could you know, you could make as many classification as you want to as long as you define Define them to the users one could be public data Or the the data is classified. What could be public data? Well data that's available to the public and does not contain any sensitive information What could be some examples? Service locations hours of operation of this health organization. That's public data. It's a data, but it's a public data This health organization or this hospital Could have internal internal data data. That's considered internal. What could be examples of internal data? This could be including employee contact information You don't want your employee information to be public for example their name Their i'm sorry their name their addresses and sometimes their names Their addresses their phone numbers that information should be internally internal procedures Minutes meeting so on and so forth Then we could have a confidential type of data classification for confidential data Now for each source of data the company will have its own description So the employees understand what's public? What's internal? What's confidential? This information if it's confidential, it must be protected The example could include patient medical record financial information of the company Assuming it's a private company and research data. That is confidential. Then we could have sensitive data Sensitive data here for the purpose of my example is the highest level Which would include again sensitive highly sensitive and require the highest level of protection example could include identifying information And personal health information for actual patient. Now you want to protect this Maybe maybe you could have a fifth category highly sensitive Then if the organization is very important, they could have secret and top secret data classification As as I mentioned, you could have many types of data classification But usually those are the four that are commonly used or the one you need to know for an accounting information system course or The CPA CMA or CISA exam. Now, let's move on from data classification to data taxonomy. What is data taxonomy? Basically Grouping grouping the data. For example, you could have patient data This data could include about information about patients such as their demographics medical history And treatment plan. This is how we are organizing the data itself On the prior slide We gave the data a level of sensitivity. Now, we're going to see how they both fit together in a moment Now we could sub we could the data this here. This data could be subdivided by demographics. For example, we could have Patient demographics for the new york city patient demographic for philadelphia So on and so forth. So we could break it down by demographics We could break it down by medical history. For example, how long, you know the one year two year three year so on and so forth Patient been with us We could have financial data the financial data would include data about the organization's Finances such as the revenues expenses and budget. That's financial data That's the type of data that that we are dealing with financial not patient data And we could have research data Did this data include information about the organization research project study design results and publication? And we could have many other type of data. Whatever is needed for us just for the sake of illustration I chose three categories or three structure Now you need to understand the relationship between the classification and taxonomy. How do we classify them? They are often interrelated and they use together because you need to know what data what type of data am I dealing with And what's the level of sensitivity? So data classification help the organization and understand the level of risk associated So based on the risk you will have different policies to treat the data With different type of data while data taxonomy helped the organization understand the relationship between the different data element And how they fit in the overall data structure now a company could have a matrix that looks like this Okay, for example, the data elements as patient demographics For example, the patient demographics the data classification is confidential. We for example Just that confidential, can it be sensitive? It can be sensitive But I just I I decided to be confidential the data taxonomy is patient data So it's under the patient data category, but it's confidential the medical history We're gonna say it's sensitive just we could change it to confidential We could have it sensitive again what medical history under what data category or what data group It's also patient data treatment data. I'm gonna say data classification is sensitive It could be confidential. I'm just gonna paste sensitive employee contact information data classification internal And the it's from employee data internal procedures for the company considered employee data Minutes meeting. I would say minutes meeting. We want to keep it confidential Maybe if we are working on a very important Drug, maybe it we want it to be sensitive. Okay And this could be considered financial data Because minutes meeting or it could be considered research data, whatever we want to consider it So on and so forth revenues expenses budget Design results publication here. These can be also sensitive or they can be confidential depending on what we want to do So the key is to understand now different companies will have different classification different category Different hierarchy different data elements All what you need to know is what is this concept data classification and data taxonomy Whether you are studying for the cpa exam cisa exam cma exam accounting information system It's very important that you understand this information or you are studying for these certified internal auditor Study hard. Good luck invest in yourself invest in your career and stay safe