# Classify Infrastructure Entities

### Introduction

Entity classification is essential for accurate compliance monitoring in Sprinto. By classifying each infrastructure entity as *Production* or *Not Production*, Sprinto applies the correct set of compliance checks to ensure relevant controls are enforced.

Entities left **Unclassified** are excluded from monitoring until a classification is applied.

***

### Available Classification Types

<table data-header-hidden><thead><tr><th width="208.16015625"></th><th></th></tr></thead><tbody><tr><td><strong>Classification</strong></td><td><strong>Description</strong></td></tr><tr><td><strong>Production</strong></td><td>Entity processes or stores sensitive, confidential, or in-scope data.</td></tr><tr><td><strong>Not Production</strong></td><td>Entity handles non-sensitive, test, or staging data.</td></tr><tr><td><strong>Unclassified</strong></td><td>Default state for newly synced entities until classification is applied.</td></tr></tbody></table>

***

### Classification Hierarchy

Sprinto supports multiple classification methods. If more than one is used, the following hierarchy applies:

1. **Manual Classification** (Highest priority)
2. **Tag-based Classification**
3. **Parent-based Classification**
4. **System-level Default Classification**

Manual overrides always take precedence.

***

### Classification Methods

#### 1. System-wide (Smart) Classification

Apply a default classification to all entities within a system.

**Steps**:

1. Go to **Data Library → Infrastructure → Infra systems**.
2. Click **Configure** on the relevant infrastructure system.
3. In the **Classification** section, choose a default:
   * Production
   * Not Production
4. Click **Save**.

Future entities synced from this system will inherit this default unless overridden.

***

#### 2. Manual Classification (Per Entity)

Manually assign classification to individual entities by evaluating their sensitivity.

**Steps**:

1. Click on an infrastructure system and go to the **Entities** tab.
2. Select the entity you want to classify.
3. Click **Classify**.
4. Choose **Manual override**, then answer the classification questionnaire:
   * Type of data processed
   * Data storage and sensitivity
   * Role of the instance (primary, backup, etc.)
5. Click **Save**.

The associated check status will update to **Passing** if criteria are met.

***

#### 3. Tag-Based Classification

Automatically classify entities using recognised tags.

**Supported Tags**:

<table data-header-hidden><thead><tr><th width="179.30078125"></th><th width="200.84765625"></th><th width="221.87109375"></th></tr></thead><tbody><tr><td><strong>Key</strong></td><td><strong>Value</strong></td><td><strong>Classification</strong></td></tr><tr><td><code>sprinto</code></td><td><code>prod</code></td><td>Production</td></tr><tr><td><code>sprinto</code></td><td><code>notprod</code></td><td>Not Production</td></tr><tr><td><code>env</code></td><td><code>production</code></td><td>Production</td></tr><tr><td><code>env</code></td><td><code>notprod</code></td><td>Not Production</td></tr><tr><td><code>environment</code></td><td><code>prod</code></td><td>Production</td></tr><tr><td><code>environment</code></td><td><code>staging</code></td><td>Not Production</td></tr></tbody></table>

Ensure these tags are set on the entity in your cloud platform prior to syncing.

***

#### 4. Parent-Based Classification

Entities with a parent-child relationship inherit classification from the parent.

**Steps**:

1. Navigate to the target child entity.
2. Click the edit icon in the **Classification** column.
3. Choose **Based on the parent entity**.
4. Save the configuration.

{% hint style="info" %}
You can still override parent-based classification using manual or tag-based methods.
{% endhint %}

***

### Best Practices

* Use **Smart Classification** during initial setup for faster configuration.
* Apply **Manual Classification** to high-risk or business-critical systems.
* Use **Tag-based Classification** for environments with consistent tagging policies.
* Rely on **Parent-based Classification** when managing nested resources (e.g., instances under a VPC).