Skip to main content

Why Classification Matters for Compliance

Auditors ask: “Where is your PII?” You need an answer that isn’t “let me check.” AnomalyArmor’s auto-classification and custom tags give you:
  • Instant PII inventory across all databases
  • Audit-ready exports of sensitive data locations
  • Continuous monitoring as new tables appear

Common Compliance Scenarios

SOC 2 / Security Audits

Auditor asks: “Show me all tables containing customer data.” Your response:
  1. Go to AssetsFilterClassificationpii:*
  2. Export the filtered list
  3. Hand auditor a complete inventory

GDPR Data Mapping

Requirement: Know where personal data is stored. Your workflow:
  1. Auto-classification tags emails, names, addresses automatically
  2. Filter by pii:email, pii:name, pii:address
  3. Document each table’s purpose and retention policy using descriptions

Access Reviews

Requirement: Verify who can access sensitive data. Your workflow:
  1. Tag sensitive tables: sensitivity:high, sensitivity:medium
  2. Cross-reference with database permissions
  3. Use tags to prioritize access review scope
TagUse For
pii:email, pii:phone, etc.Auto-classified PII (automatic)
sensitivity:highManually flagged critical data
compliance:reviewedAudit trail of reviewed assets
compliance:gdpr-scopeGDPR-relevant data
retention:30-daysData retention policy

Audit Preparation Checklist

[ ] Run discovery to ensure catalog is current
[ ] Review auto-classification results for accuracy
[ ] Remove false positives (email_count ≠ PII)
[ ] Add manual tags for data auto-classification missed
[ ] Export filtered asset list for auditor
[ ] Document any exceptions with descriptions

Staying Compliant Over Time

New tables appear. Schemas change. Stay ahead:
  1. Alert on new PII: Create rule for “New asset detected” + filter by auto-classification
  2. Review cadence: Monthly review of compliance:needs-review tagged assets
  3. Discovery schedule: Run frequently enough to catch new tables before auditors do