Exploring Data Classification

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploring Data Classification

    Data Classification in ServiceNow provides visibility into the types of data hosted on your AI Platform instances and helps ensure compliance with privacy laws and industry regulations, such as those in financial services and medical device manufacturing. It is a manual process where you assign classifications to dictionary entries in tables, using either pre-defined or custom data classes. This enables you to manage and protect sensitive information effectively.

    Show full answer Show less

    Key Features

    • Manual Classification: Apply data classifications to dictionary entries in any table, with support for creating hierarchical parent-child classification systems.
    • Pre-defined and Custom Data Classes: Use pre-defined classifications included in demo data as a starting point or create your own tailored to your business needs.
    • Classification Scope: Classification applies only to dictionary entries, meaning inherited fields in child tables share the same classification as their parent table fields.
    • Overview Dashboard: Visualize how data tables map to classifications and analyze classification needs by user geography or regulatory requirements. The dashboard is customizable in content and layout.
    • API Support: Utilize scripted and REST APIs (Data Classification - REST API, DCManager) to integrate classification metadata into workflows and applications.
    • Domain and Process Separation: Supports domain separation, with the dataclassification table process separated to secure classification data.

    Use Cases and Practical Application

    Data Classification supports compliance with regulations like the European Union’s General Data Protection Regulation (GDPR) by identifying and protecting personal data (e.g., Personally Identifiable Information or PII). For example, you can classify sensitive employee data such as Social Security Numbers (SSN) with a Restricted classification to enhance security controls. When demo data is installed, it automatically applies PII classifications to certain sensitive fields (e.g., in the User [sysuser] table), facilitating regulatory compliance and data governance.

    Benefits for ServiceNow Customers

    • Gain clear insight into where sensitive and regulated data resides within your ServiceNow instance.
    • Meet compliance requirements by systematically classifying and protecting personal and sensitive information.
    • Leverage out-of-the-box demo data for a quick start and customize classifications as your business evolves.
    • Use dashboards and APIs to monitor, manage, and automate data classification within existing processes.

    Explore about data classification.

    Data Classification enables support for:
    • Visibility into the types of data hosted on a ServiceNow AI Platform instances.
    • Compliance with privacy laws, and meeting regulation requirements for industries such as financial services and medical device manufacturing.

    Data classifications

    Data classification is a standalone process in which you manually apply data classifications to existing dictionary entries in any table. See Data dictionary tables for additional information.
    • You classify data as you find appropriate for your business and you can alter the available data classes as necessary.
    • When you classify data, you can use the pre-defined data classifications, or create your own. Although use of pre-defined data classifications is optional, it is advisable do so as a starting point. These pre-defined data classifications are included in demo data that you can install in your instance. To learn more, see Installing Data Classification plugin demo data and Components installed with Data Classification demo data.
    • If you create your own data classifications, you can also design a tiered hierarchical system with parent and child data classifications.
    • When creating manual data classifications on an extended or child table, base fields inherited from the parent table are not available for selection.

      Classification is supported only for dictionary entries. You can't assign different classifications to inherited columns because they share the same dictionary entry. For example, you can't classify task.description as PII while classifying incident.description as Public.

    Overview dashboard

    Use the Overview dashboard to understand how your current data tables map to different data classifications. You can also analyze how your global, regional, international users may require different approaches to data classification, regarding the use or access to data. You can also customize the Overview dashboard content and layout to fit your needs.

    To learn how to use the available scripted and REST APIs to apply the classification metadata within existing processes, workflows, and applications, see the following:
    Note:
    Data Classification supports domain separation, and the data_classification table itself is process separated.

    Use cases

    General Data Protection Regulation (GDPR) is a European Union regulation whose purpose is to provide individuals with control over their own personal data. You can use data classifications, such as Personally Identifiable Information, to identify where personal data is being stored in your instance. By applying the appropriate security mechanisms to protect that personal data from leaking out, your organization satisfies GDPR requirements.

    If you store customer information in the ServiceNow AI Platform, use the Personally Identifiable Information (PII) classification code where needed to track data subject to regulation by local privacy laws. When you install demo data, it automatically applies this classification code to certain security-sensitive fields in the User [sys_user] table. To learn more, see:

    You can apply a Restricted data classification to Employee table columns that store sensitive employee information such as Social Security Numbers (SSN). Administrators and auditors can then use the Overview dashboard to confirm that you have assigned data classifications to the correct columns. They can also view the classification details for restricted types of information.