For LLM agents: documentation index at
/llms.txt, full text at
/llms-full.txt. Append .md to any page URL for plain markdown.
Why Classification Matters for Compliance
Auditors ask: “Where is your PII?” You need an answer that isn’t “let me check.”
AnomalyArmor’s auto-classification and custom tags give you:
- Instant PII inventory across all databases
- Audit-ready exports of sensitive data locations
- Continuous monitoring as new tables appear
Common Compliance Scenarios
SOC 2 / Security Audits
Auditor asks: “Show me all tables containing customer data.”
Your response:
- Go to Assets → Filter → Classification →
pii:*
- Export the filtered list
- Hand auditor a complete inventory
GDPR Data Mapping
Requirement: Know where personal data is stored.
Your workflow:
- Auto-classification tags emails, names, addresses automatically
- Filter by
pii:email, pii:name, pii:address
- Document each table’s purpose and retention policy using descriptions
Access Reviews
Requirement: Verify who can access sensitive data.
Your workflow:
- Tag sensitive tables:
sensitivity:high, sensitivity:medium
- Cross-reference with database permissions
- Use tags to prioritize access review scope
Recommended Tag Structure
| Tag | Use For |
|---|
pii:email, pii:phone, etc. | Auto-classified PII (automatic) |
sensitivity:high | Manually flagged critical data |
compliance:reviewed | Audit trail of reviewed assets |
compliance:gdpr-scope | GDPR-relevant data |
retention:30-days | Data retention policy |
Audit Preparation Checklist
[ ] Run discovery to ensure catalog is current
[ ] Review auto-classification results for accuracy
[ ] Remove false positives (email_count ≠ PII)
[ ] Add manual tags for data auto-classification missed
[ ] Export filtered asset list for auditor
[ ] Document any exceptions with descriptions
Staying Compliant Over Time
New tables appear. Schemas change. Stay ahead:
- Alert on new PII: Create rule for “New asset detected” + filter by auto-classification
- Review cadence: Monthly review of
compliance:needs-review tagged assets
- Discovery schedule: Run frequently enough to catch new tables before auditors do
Common Questions
How do I answer ‘where is our PII?’ during an audit?
Go to Assets, filter by classification pii:*, and export the list. You get a complete inventory of PII-tagged columns across every connected database. Pair with a manual spot-check for PII hidden in non-obvious column names.
Does AnomalyArmor help with GDPR data mapping?
Yes. Auto-classification tags emails, names, and addresses automatically. Filter by the relevant pii:* tags to map where personal data lives, then add retention or scope tags like compliance:gdpr-scope for documentation.
Can I flag tables as reviewed for audit purposes?
Use custom tags like compliance:reviewed and compliance:needs-review. Apply them manually or in bulk, then filter by tag to see what still needs attention.
What happens if a new table appears between audits?
Create an alert rule for “New asset detected” filtered by auto-classification. Every time discovery finds a new PII-tagged table, the alert fires so you can review it before the next audit cycle.