AEGIS · AEGIS Shield
Artifact 2.1
Data Classification & AI Data Map
The four-tier data standard and the map of where data of each class lives, flows, and is touched by AI — the foundation every other Shield artifact rests on.
- Client: [CLIENT NAME]
- Engagement: [ENGAGEMENT ID]
- Version: v1.0
- Issued: 2026-05-18
Delivered by TechFides under the AEGIS Governance Operating Services engagement. This document is proprietary to the client named above. Redistribution beyond the engagement steering committee requires written consent.
Purpose
Intent — A classification scheme is the spine of security. Without one, policy is opinion. With one, every other rule in AEGIS has a specific target to protect.
This artifact does two things. First, it defines the four-tier classification used across AEGIS — P0 Regulated, P1 Confidential, P2 Internal, P3 Public. Second, it maps the organization's actual data types to those tiers and records where AI interacts with each flow. The AUP (§1.1), VRA process (§2.2), and Incident Response (§2.3) all reference this document. If this document is vague, those downstream artifacts inherit the vagueness.
Four-Tier Classification
Intent — The standard, in full. Copy this into every downstream artifact by reference — never paraphrase.
P0
Regulated / Restricted
Data whose disclosure triggers regulatory, legal, or contractual consequence. The highest bar.
Examples
- Protected health information (PHI) under HIPAA.
- Full personally identifiable information (SSN, passport, financial account numbers).
- Payment card data in scope for PCI DSS.
- Client-privileged material, attorney work product, and matter-specific files.
- Trade secrets, proprietary algorithms, unreleased financials and forecasts.
AI rule
Prohibited in any AI tool unless explicitly named on the approved-for-P0 list, bound by a signed BAA / DPA, with zero-retention settings verified in writing by the vendor.
Storage
Encrypted at rest (AES-256) and in transit (TLS 1.2+). Access keyed to named individuals, logged, and reviewed quarterly.
Retention
Per regulatory schedule or client contract — whichever is more restrictive.
P1
Confidential
Non-public information whose disclosure causes material harm but does not trigger specific regulatory action.
Examples
- Internal strategy documents, product roadmaps, board materials.
- Client names and engagement scope where disclosure violates NDA.
- Personnel records, performance reviews, compensation data.
- Vendor contracts, partnership terms, pricing details.
AI rule
Permitted only in approved enterprise tenants with documented retention controls. Never in consumer or personal-account AI tools.
Storage
Encrypted at rest and in transit. Access by role, reviewed semi-annually.
Retention
7 years default; sensitive HR data per jurisdiction.
P2
Internal
Information intended for employees and contractors, not the public, but without material disclosure consequence.
Examples
- Internal process documentation without client identifiers.
- Non-confidential planning material and general operational notes.
- Draft marketing content prior to publication.
AI rule
Permitted in approved enterprise AI tenants. Strongly discouraged in consumer tools, where use is permitted only if the content is already destined for public release.
Storage
Access controls by role; logging for sensitive subsets only.
Retention
3 years default.
P3
Public
Material already published or intended for unrestricted release.
Examples
- Marketing copy already published.
- Publicly available research and regulatory filings.
- Press releases, publicly shared case studies.
AI rule
No restrictions beyond normal tool usage policies.
Storage
No encryption requirement beyond standard system controls.
Retention
Per marketing / communications schedule.
Data Inventory
Intent — The map from data types the organization actually handles to their classification tier, system of record, and AI flow exposure.
| Data Type | Class | System(s) of Record | Owner | AI Flows |
|---|---|---|---|---|
| Customer health records | P0 | EHR, billing system, claim processing | Chief Medical Officer | AI summarization of intake notes (approved tenant only); prohibited in consumer tools |
| Payment and billing data | P0 | Payment gateway, CRM billing module, accounting | CFO | Prohibited in AI tools except for aggregated, tokenized analytics dashboards |
| Matter files, legal hold, privileged correspondence | P0 | Document management system, email archive | General Counsel | Prohibited except in AI tools on the approved-for-P0 list with explicit client consent |
| Client engagement details and contract terms | P1 | CRM, contract management, engagement SharePoint | Chief Revenue Officer | Approved enterprise AI for drafting, summarizing, meeting intelligence within the client tenant |
| Employee PII and payroll | P1 | HRIS, payroll provider, benefits platform | CHRO | Prohibited in consumer tools; conditional in enterprise tools with explicit HR sign-off |
| Source code and proprietary algorithms | P0/P1 | Source control, internal wikis, architecture docs | CTO | Approved AI coding assistant in enterprise tenant with zero-retention verified; algorithmic modules require CTO approval |
| Internal strategy and board materials | P1 | Board portal, executive SharePoint | Executive Sponsor | Approved enterprise tenant only; generative drafts reviewed before distribution |
| Marketing content pre-publication | P2 | Marketing CMS, design tools, social scheduler | CMO | Approved enterprise AI; consumer tools for P3-intended content only |
| [DATA TYPE] | [TIER] | [SYSTEMS] | [OWNER] | [AI FLOW NOTES] |
AI Data Flow Example
Intent — Show the flow end-to-end for one representative P0 flow. The discipline of tracing every step is what separates a classification scheme from a data map.
Example flow: Customer intake in a regulated services context. Replace with the client's highest-risk AI flow for the real deliverable.
Source
Customer uploads an intake document via the secure portal (P0 data: health history, identifiers).
Storage
Portal writes to the EHR with field-level encryption. Access is keyed to named care-team members.
AI processing
Approved clinical-grade AI tenant summarizes intake into a structured note. Prompt, output, and model ID are logged to the audit store. Retention is verified as zero beyond the 24-hour processing window.
Derived output
Summarized intake saved back to the EHR, tagged as AI-assisted, reviewed and countersigned by a licensed clinician before it enters the care record.
Retention / deletion
Intake record retained per jurisdictional EHR schedule. AI prompt and output purged after the retention window with a deletion receipt logged.
Handling Rules by Interaction
Intent — The common operations — prompting, training, storing, sharing — stated as explicit rules per tier.
| Operation | P0 | P1 | P2 | P3 |
|---|---|---|---|---|
| Paste into an AI prompt | Approved-for-P0 tools only | Approved enterprise tools | Approved tools | Any tool |
| Use for fine-tuning or embeddings | Never | Only with DPA + Council approval | Approved tenants | Any tool |
| Store in vector database | Never | Enterprise VDB with ACLs enforced | Enterprise VDB | Any VDB |
| Share inside organization | Named access only | Need-to-know | Internal general | Public |
| Share outside organization | Contract + counsel | NDA + business need | Business need | Public |
| Retain long-term | Per regulation | 7 years default | 3 years | Marketing schedule |
Maintenance
Intent — A data map is a living artifact. Stating the maintenance rhythm up front is the only defense against drift.
Inventory refresh
The inventory in §3 is refreshed at each quarterly Council review and any time a new system goes live or an existing system materially changes its data scope. Refreshes are led by the function owner for each data type.
Re-classification
Any request to re-classify a data type down a tier (e.g., P0 → P1) is a Council decision with General Counsel consulted. The proposer must state the rationale and the countervailing evidence considered. Approved re-classifications are dated and logged; rationale is retained for audit.
Reconciliation with downstream artifacts
Within 10 business days of an approved change to this artifact, the AUP (§1.1), the Vendor Risk Assessment checklist (§2.2), and the Incident Response runbook (§2.3) must be reviewed for alignment. Inconsistencies are tracked as governance risks until resolved.