Data classification, in the context of information security, is the classification of data based on its level of sensitivity and its potential impact to the organization should that data be disclosed, altered, or destroyed without authorization. Without classifying data into data classification categories and classifying how to handle the data, valuable information will be vulnerable. Develop a three-level classification system for your enterprise resource planning (ERP) system that will be added as an addendum to the BCP. The policy will be added to the appendix in your BCP. Consider the type of access control your users will be using and address the following: 

Explain the meaning of information ownership and how to classify, handle, and label.  

Describe vulnerability mapping, management, and trackability. 

Explain the significance of configuration and patch management within the policy.  Take into consideration who should be able to access, alter, save, or print the data. For each classification, decide how you will label your data to communicate the assigned classification.  Develop handling standards for each classification.