The rollout pattern: enable the dimensions, customize value sets to org policy, classify existing fields in bulk via Download/Upload, train field owners on classifying new fields, audit quarterly. The cost is real; the compliance benefit is the evidence regulators want.
- Coordinate with compliance on the policy
Which dimensions to enable, which values per dimension, who owns classification per field. The policy drives every configuration choice.
- Open Data Classification Settings and enable the dimensions
Setup, Data Classification Settings. Toggle on Sensitivity Level, Compliance Categorization, Data Owner per the policy.
- Customize value sets if needed
Add HIPAA-PHI or industry-specific compliance categories. Customize Sensitivity Level labels if the org uses different terminology.
- Download the current state via Data Classification Download
The download surfaces every field, with or without existing classification. The starting state for the bulk classification work.
- Classify existing fields in the CSV
Coordinate with field owners or use defaults for low-risk fields. Update Sensitivity Level, Compliance Categorization, Data Owner per row.
- Upload the updated CSV via Data Classification Upload
The Upload applies the classifications back to field metadata. No code deployment needed.
- Train field owners on classifying new fields
New field creation should include classification assignment. Add to the field-creation checklist; train new admins on the requirement.
- Schedule the quarterly audit cycle
Download, identify gaps, follow up, upload corrections. The cycle is the operational discipline that keeps classifications current.
Which classification dimensions are active org-wide. Drives the per-field surface and the Download/Upload CSV columns.
Salesforce defaults or org-customized values per dimension. Aligns vocabulary with org policy.
Object Manager, Field, Data Classification section. The granular configuration surface.
The CSV-based bulk classification workflow for any scale beyond a few fields.
Custom logic that reads FieldDefinition classification metadata to enforce policy at runtime.
- Per-field assignment is impractical past a few dozen fields. Use the bulk Download/Upload workflow for any meaningful scale.
- Value-set customization is org-wide. Changing values affects every field already classified; coordinate with compliance before changing.
- Classifications go stale as fields are added or repurposed. The quarterly audit is the only reliable freshness mechanism.
- Configuration alone is inventory, not enforcement. Downstream Flow, Apex, or integration consumption is what turns classification into compliance benefit.
- New field creation often skips classification assignment. The field-creation checklist needs to require classification or the inventory drifts immediately.