Classifying data and services
In Brief
This phase is a mandatory step for all public administrations that intend to start migrating to the cloud.
It is used to determine the importance of each piece of data or service (whether strategic, critical, or ordinary) and to assess the impact any breach could have on national security.
Roles and responsibilities
-
Public Administration
Rank data and services and fill out the online questionnaire to start the transition to the cloud model.
Where to do it
How to proceed
Follow these steps to classify data and services.
- Verify automatic classification
After accessing the restricted area, you will find a list of services already pre-classified. Check that it is complete: if it is, you can confirm it; if services are missing or changing, go to the questionnaire.
- Fill out the online questionnaire
Use the questionnaire to change the pre-filled classification or add new services.
- Submit classification
After completing the questionnaire, send the classification to the National Cybersecurity Agency, which will verify it within 90 days.
- Receive updates
In the restricted area you can check the status of the classification and receive notifications about approval.
When you introduce new services or change relevant features of already classified services, you must update the classification. To do this, you must fill out the questionnaire again for the affected services and submit the changes for verification.