II.
Workflow overview
Reference · liveworkflow:data-classification-audit
Data Classification Audit overview
Audits data classification accuracy and access controls across organizational data stores -- scanning data repositories for unclassified or misclassified assets, verifying PII and sensitive data labeling against classification policy, reviewing access-control lists against data-classification tiers, checking encryption-at-rest and in-transit compliance for each classification level, auditing data-sharing agreements for classified data flows, and validating data-retention enforcement. Produces classification audit report and remediation actions for misclassified assets. Excludes classification policy definition.
Attributes
displayName
Data Classification Audit
workflowKind
governance
triggerType
scheduled
typicalCadence
semi-annually
complexity
cross-team
description
Audits data classification accuracy and access controls across
organizational data stores -- scanning data repositories for
unclassified or misclassified assets, verifying PII and sensitive data
labeling against classification policy, reviewing access-control lists
against data-classification tiers, checking encryption-at-rest and
in-transit compliance for each classification level, auditing
data-sharing agreements for classified data flows, and validating
data-retention enforcement. Produces classification audit report and
remediation actions for misclassified assets. Excludes classification
policy definition.
Outgoing edges
applies_to_domain2
- domain:legal·DomainLegal
- domain:operations·DomainOperations
involves_role3
- role:security-reviewer·RoleSecurity Reviewer
- role:data-scientist·RoleData Scientist
- role:license-auditor·RoleLicense Auditor
performed_by_org_unit3
- org-unit:data-governance-team·OrgUnitData Governance Team
- org-unit:security-team·OrgUnitSecurity Team
- org-unit:compliance-team·OrgUnitCompliance Team
requires_skill_area2
- skill-area:data-governance·SkillAreaData Governance
- skill-area:identity-security·SkillAreaIdentity & Access Security
triggers_responsibility2
- responsibility:security-review·ResponsibilitySecurity review
- responsibility:data-quality-monitoring·ResponsibilityData quality monitoring
Incoming edges
None.