The restricted access data classification model is based on the ability to classify data according to a general scheme. It is quite obvious that the classification of data in an information–centric model should be defined in terms of business data, since security requirements are subordinated to the business value (sensitivity) of data.

Different structures can be used in the classification. Both simple (hierarchical or flat) and complex mixed structures. Complex structures correspond to a more detailed classification scheme and most accurately reflect the structure of business data and their relationships within business processes.

Such a business data classification scheme can provide a closer link to corporate security policies to classify restricted access data according to business processes and can help increase employee security awareness, which can directly understand the business value of the data they are working with.

The data classification level (or classification level) is an attribute (label) that is assigned to a unit of information (document, file, database, etc.) primarily based on its sensitivity (value and potential damage in the event of unauthorized disclosure, modification, or destruction), as well as other attributes (nature data, company structure, and other classification features).