Guardium supports the discovery and classification of sensitive data to allow the creation and enforcement of effective access policies.

A classification policy is a set of rules designed to discover and tag sensitive data elements. Actions can be defined for each rule in a classification policy, for example to generate an email alert or to add a member to a Guardium group, and classification policies can be scheduled to run against specified datasources or as tasks in a workflow.

Discovery and classification routines become important as the size of an organization grows and sensitive information like credit card numbers or personal financial data become present in multiple locations, often without the knowledge of the current administrators responsible for that data. This frequently happens in the context of mergers and acquisitions, or when legacy systems have outlasted their original owners. Guardium classification discovers and tags this sensitive data so appropriate access policies can be applied.