A way to approach security policy and its implementation that involves the classification of information into one of several classifications, each of which has an associated security policy. Other assets such as servers and end-points can be similarly classified. In some cases data can only be processed or stored on computers which share the same classification designation.