Draft a comprehensive document classification policy for [CompanyName] that translates business risk into clear, enforceable rules. Define [ClassificationLevels] with purpose, scope, typical content examples, and default retention. Include a decision-tree classification method usable by non-experts, and delineate accountabilities for [Role] owners and custodians. Specify handling requirements for creation, storage, transmission, sharing, printing, and disposal, aligned to [RegulatoryFramework].
Output format:
“Policy Summary” (≤150 words).
“Decision Tree” (ASCII) with yes/no branches ending in a single level.
“RACI Table” (Markdown) for Roles: Business Owner, Data Steward, IT Security, Legal, Records.
“Control Requirements by Level” (Markdown table: Level | Allowed Repositories | Encryption At Rest | Encryption In Transit | External Sharing | Printing | Disposal).
“Exceptions” (≤100 words) and “Review Cadence” (frequency + trigger events).
Ensure language is precise, auditable, and ready for board approval.