Hi there
To keep this simple, you can begin by identifying any vendor with access to sensitive or confidential information. The first category is for your customer data, but from there, you could use these categories:
Sensitive Company Information:
Employee information retained by the company which is privileged, regulated, proprietary data, or highly sensitive financial information.
Confidential Company Information:
Information is restricted to the individuals, management, or administrators; unauthorized access could influence the company's operational/security effectiveness or cause material financial loss, provide a significant gain to a competitor, or cause a significant drop in customer confidence.
This category includes all data/documents that are sensitive or confidential, including company emails, employee compensation, or benefits. Network architecture, hardware/server configurations, or user IDs. Trade secrets, financial data, or other information could compromise the company, impact our earnings or reduce our competitiveness.
I hope that is helpful, but I would love to hear from other members.
Best,
Hilary
Original Message:
Sent: 02-07-2022 01:10 PM
From: Anonymous Member
Subject: How to categorize vendors
This message was posted by a user wishing to remain anonymous
What are some different ways to identify ways to best categorize vendors who access internal proprietary data and/or confidential employee data (not member or customer data)?