Project Classification

Project Classifications assign your project with a level of risk based on how you answer the project survey. Classifications can help you categorize your project by its potential risk. For instance, the type of information your application collects largely determines the risk it poses to your organization, where health, financial, and personally identifiable information are classified as high risk.

You can access the Project Classification screen from the Manage menu:

100

Project Classifications come in 5 levels of risk:

project classification levels.png
Any projects that do not fit into these five classifications will be unclassified.

Project Classification assigns your project a level that is associated with a risk profile. This can help you track compliance and completion by low, medium, and high risk projects to more quickly take action on projects that are not meeting the baseline compliance of their risk policies.

Project Classification activities are reflected in the following ways on the SD Elements Dashboard, Project list, and in global reports:

300

Project Overview

100

Project list

project classification projectlist.png

Global Reports

project classification global1.png
project classification global2.png

How the Project Survey affects Project Classifications

Completing the Project Survey assigns your project with the highest Classification based on the Answers selected in the survey.

project classification survey.png

Classifications are sorted by most critical to least critical. This ordering allows you to identify the critical level of customized Classification names at a glance.

If a Project is matched with the same Classification it had prior to answering the Survey or updating its Profile, its Risk Policy is unchanged. However, if a Project receives a new Classification after answering the Survey or updating the Profile, it will be assigned the Default Risk Policy for the new Classification even if the Project’s previous Risk Policy is still valid for the new Classification. You can manually update the Risk Policy later to any Risk Policy valid for the Project’s Classification.

If a Project becomes unclassified, it is assigned the Default Risk Policy for the Project’s Business Unit. You can manually update this Risk Policy later to any available policy in your Business Unit.

Project Classifications can function as a matching rule that pairs relevant tasks with a particular risk classification. The rules associated with each classification also allow Project Survey answers to be automatically answered if the classification of a project changes.

How Risk Policies affect Project Classification

Deleting a Risk Policy will impact Classifications and Projects that use the Risk Policy. If you delete a Risk Policy that is a Classification default or a Business Unit default, you must choose a replacement default that is applied to all affected Classifications and Business Units.

Otherwise, Projects with the Risk Policy you delete will fall back to the Default policy of the classification. All unclassified Projects fall back to the Default policy of their Business Units.

Project Classification details

  • Name: The name of the Classification level. SD Elements provides default names for each level that you can customize.

  • Description: The description of the Classification level and the risk associated with it.

  • Classification Rules: The Project Survey answers that determine your project’s Classification.

  • Classification Risk Policies: A default Risk Policy associated with this Project Classification. You may assign multiple policies to each Classification.

Toggle Project Classification

Project Classification is optional and may be turned on or off.

Prerequisites:

  • Users require the permission Global Roles → Administration → Manage project classifications and risk policies.

Steps:

  1. From the Manage menu, select Classifications.

  2. In the upper right-hand corner, select the checkbox for Enable Classifications.

    project classification enable first.png

  3. Click Enable.

    650

You can deselect the checkbox to toggle Project Classification off.

Edit a Project Classification

SD Elements comes with default levels of classification. You can modify these levels by selecting the answers and risk policies that suit your needs.

A Project Classification must be assigned both rules and a Risk Policy. Once you complete and save the Project Survey, your project will then be assigned a classification.

Prerequisites:

  • Users require the permission Global Roles → Administration → Manage project classifications and risk policies.

Steps:

  1. From the Manage menu, select Classifications.

  2. Hover your cursor over the Classification you would like to edit, and select the edit mode_edit icon.

    project classification edit.png

  3. Enter in the details of the Classification.

    625

  4. Under Project Classification Rules, select the Project Survey rules that will determine how your project is classified.

    1. In this example, a project is classified as Critical when it handles personal data or is a web service.

      700

  5. Click Save Changes.

The details of the Classification are updated. You may only select a default Risk Policy from a list of valid policies.

 New changes to a Classification will only be applied to new projects. Existing projects with the Classification you modify will not be affected until the next time you save the Project Survey.

How Project Classification affects Global Reports

Project Classification is reflected in reports you generate.

Prerequisites:

  • The user has the permission Global role → Administration → View all projects.

Steps:

  1. Under the Reporting menu, select Global Reports.

  2. Click the Add New Report button in the top right (My Report)

  3. Global Reports have a new Classifications filter.

    project classification global1b.png

  4. You can also sort reports by classification level.

    project classification global2b.png

results matching ""

    No results matching ""