The Challenge
Being certified compliant with the ISO 27001 standard, the client needed to maintain top level classification and document labelling in order to retain this accreditation. As well as compliance driver, the organization realized that internally it was becoming very important to maintain the confidentiality of all documents that were being created on a daily basis, and that they had no current solution in place to classify any of their information. The organization also needed to be able to control ITAR related information, something critical across the business to enable safe sharing of information with partners, suppliers and customers.
The Solution
The client evaluated two different data classification software providers including Fortra's Classifier Suite and chose to implement Fortra's Classifier Suite. This was primarily due to Classifier being more technically superior, as well as offering complete classification coverage across the entire Microsoft Office suite including Visio and Project. The client was so confident in the solution that they were able to begin the implementation 3 months after they started their initial search for a data classification product, which they also credited to the very helpful and professional support received from the Fortra's Classifier Suite team during the evaluation period.
The solution is now fully deployed, and a security policy has been launched throughout the organization, while the security team evaluate the policy to see if they need to update the policy configuration; something Fortra's Classifier Suite are able to accommodate very quickly and easily across all products through the Classifier Administration console. So far there has been a lot of positive feedback from within the organization to the implementation of Classifier. All documents are marked “Internal” as a default setting, so none of the users need to change the settings unless the information needs to be sent to an external contact, which has made the adoption very easy throughout the organization.
Looking ahead, the client is wanting to add Classifier Reporting to enable more visibility of classification activity, as well as being able to create reports to be able to demonstrate adherence to security policy across the organization. They will also be able to demonstrate ongoing compliance against various policies, rules and regulations, and identify potential risks and to feed back into security policy improvements. While not an immediate requirement, the organization sees the value in implementing stronger controls around data security for mobile devices, which the Fortra's Classifier Suite product would fully support.
Conclusion
The implementation of Fortra's Classifier Suite into the leading engineering and manufacturing organization has allowed them to create a security culture throughout the organization, as well as providing compliance for standards, and rules and regulations such as ISO 27001 and ITAR. They are now looking to further enhance their classification capability with the addition of visibility by adding the Classifier Reporting module to their package, with the possible addition of Mobile Classifier further down the line. Going forward, the organization have the intention of using Classifier metadata labels to help drive a DLP solution and control the flow of documents.