A classification scheme defines the confidentiality levels into which an organization’s information is categorized. Typical levels are Public, Internal, Confidential, and Strictly Confidential. Each level comes with specific handling rules: who may access, how to store, how to transmit, how to delete. ISO 27001 Annex A.5.12 requires a documented classification scheme. In your ISMS, it is the foundation for information protection — without clear levels, employees do not know which data requires special protection. Keep the scheme deliberately simple: too many levels cause confusion and get ignored in practice.