You’re sitting in a briefing room when a senior official hands you a document that says “Derivative Classification Required.” Your stomach drops. Do you know exactly what that means, and more importantly, what you aren’t supposed to do? Most people treat “derivative classification” like a buzzword they’ve seen in a training slide, but the reality is far more practical—and a little messy. If you miss a single step, you could either over‑classify information or, worse, under‑protect something that should stay secret.
Here’s the thing: derivative classification isn’t a mysterious ritual reserved for spies. It’s a routine process that anyone who handles government or corporate classified material will eventually face. Understanding the steps—and spotting the one that doesn’t belong—keeps you out of trouble and helps your organization stay compliant.
So what are those steps? And which one is the odd one out? Let’s break it down, step by step, and you’ll walk away knowing exactly what to do (and what not to do) when you encounter derivative classification in the real world.
What Is Derivative Classification
Derivative classification happens when someone takes already classified information and creates a new document that includes that classified material. The new document inherits the same classification level and handling instructions from the original classification marking. In practice, you’re not re‑evaluating the secret nature of the source material; you’re simply copying it into a new format, summarizing it, or adding your own analysis.
Think of it like this: you have a top‑secret report about a military operation. You write a briefing slide that pulls key facts from that report. That slide isn’t being classified from scratch; it’s deriving its classification from the original report. The slide must carry the same level (Top Secret) and the same special handling notes (eyes‑only, need‑to‑know).
Derivative classification is governed by policy directives such as Executive Order 13526 and agency‑specific guidelines. The goal is consistency—ensuring that anyone who sees the derived product treats it with the same care as the original.
Key Concepts to Keep in Mind
- Classification level – The security tier (Confidential, Secret, Top Secret) assigned by the original.
- Derived handling – Special instructions like eyes‑only or code‑word that travel with the material.
- Derivative marking – A notation (e.g., “Derived from Original Classification: TS/EY”) that tells readers where the classification came from.
Why It Matters
Why should you care about a process that sounds like paperwork? Because missteps can cost lives, waste resources, or expose national security. When derivative classification goes wrong, you either over‑classify routine information (making it harder to share) or under‑classify critical data (creating a security hole).
Consider a defense contractor that prepares a weekly status report for the Department of Defense. If the contractor mistakenly marks every line as Top Secret because they’re unsure how to derive classification, the Pentagon ends up drowning in red tape. Conversely, if the contractor ignores derivative rules and leaves a Secret report unmarked, that information could slip into the wrong hands.
The stakes are high in government, defense, intelligence, and any sector that deals with regulated data. Proper derivative classification protects intellectual property, maintains trust with partners, and keeps you on the right side of audits.
How to Perform Derivative Classification
Performing derivative classification follows a clear, repeatable workflow. Below is the standard process most agencies teach in their derivative classification training courses.
Step 1: Review the Original Classification
You start by locating the source document and confirming its original classification marking. This includes the level, category (e.g., Top Secret), and any special handling notes. You also check the source’s classification guide or security classification guide (SCG) to ensure you understand the rationale behind the original classification.
Step 2: Determine If the Information Is Derivable
Ask yourself: does the new document contain information that is already classified? If yes, you’re in the derivative classification realm. If the new material is entirely independent—original research, new analysis, or data you gathered yourself—you’re doing original classification, not derivative.
Step 3: Apply the Same Classification Level
Take the classification level from the source and apply it to the new product. For example, if the source is Secret, your derived report must also be Secret. You never upgrade or downgrade unless you have a formal declassification or new classification review.
Step 4: Include the Same Handling Instructions
Special handling notes (e.g., eyes‑only, code‑word, need‑to‑know) travel with the material. You copy those verbatim into the new document’s markings. This ensures that anyone who sees the derivative product knows exactly how to treat it.
Step 5: Mark the Document as Derivative
Add a clear derivative classification statement. The standard format is:
Derived From: [Source Document Title or Identifier]
Date: [Source document date or version]
Classification: [Exact level from source – e.g., Secret]
Handling Instructions: [Copy verbatim any special handling notes such as “Eyes‑Only,” “NOFORN,” or code‑word designations]
Derivative Classification Authority: [Your name, position, and organization]
Date of Derivation: [Today’s date]
Place this statement in the document’s classification banner (typically at the top and bottom of each page) and repeat it in any cover sheet or transmittal memo. Consistency in location helps reviewers spot the marking quickly during audits or handling procedures.
Step 6: Verify Against the Classification Guide
Cross‑check your applied markings with the relevant Security Classification Guide (SCG) or Classification Management Guide (CMG). Ensure that no additional categories (e.g., Special Access Program or Foreign Government Information) have been inadvertently omitted or added. If the SCG provides a derivative‑classification matrix, use it to confirm that the level you selected matches the source’s sensitivity for the specific type of information you are reproducing.
Step 7: Document the Decision Process
Maintain a brief derivation log — either electronic or paper — that records:
- Source document reference
- Reasoning for derivability (what portion was copied, paraphrased, or summarized)
- Applied classification level and handling notes
- Name and signature of the classifier
- Date of derivation
This log satisfies audit requirements and provides a traceable trail if the classification is later questioned.
Step 8: Conduct a Peer or Supervisory Review
Before final release, have a second qualified reviewer (often a security officer or senior classifier) confirm that the derivative markings are accurate and complete. This extra check catches oversights such as missed handling instructions or accidental upgrades/downgrades.
Step 9: Store and Distribute According to Markings
Store the derivative product in the appropriate security container or classified network segment that matches its level. When transmitting, use approved classified channels (e.g., SIPRNet for Secret, JWICS for Top Secret) and include the derivative statement in any accompanying documentation.
Best Practices to Reinforce Derivative Classification
- Leverage Automation: Many agencies employ classification‑assistance tools that scan source files, extract existing markings, and auto‑populate derivative statements. Use these as a first pass, then manually verify.
- Regular Refresher Training: Classification rules evolve; schedule annual refresher courses that include scenario‑based exercises on derivative marking.
- Clear SOPs: Write standard operating procedures that delineate who may perform derivative classification, where logs are kept, and how to handle ambiguities (e.g., when source markings are unclear).
- Classification Help Desk: Designate a point‑of‑contact for questions about derivability, especially when dealing with mixed‑source documents or emerging data types (e.g., machine‑learning outputs).
- Audit Readiness: Periodically run internal audits that sample derivative products, compare them against source materials, and verify that logs and markings align.
Conclusion
Derivative classification is not a bureaucratic formality; it is a critical safeguard that preserves the integrity of classified information as it moves through creation, review, and distribution. By rigorously reviewing source markings, confirming derivability, applying the exact same level and handling instructions, documenting the process, and subjecting the work to independent review, organizations avoid the twin dangers of over‑classification — which burdens workflows — and under‑classification — which jeopardizes national security. Embedding these steps into routine practice, supported by training, automation, and clear SOPs, ensures that derivative products remain trustworthy, compliant, and ready for any audit or mission‑critical use.