| Classification Label |
Public |
Internal |
Restricted |
| Sensitivity |
Low |
Moderate |
High |
| Confidentiality |
Low |
Moderate |
High |
| Description |
All university data acceptable for public consumption. |
All data used for conducting university business that is not meant for distribution beyond the university. All university data is considered “Internal” until classified otherwise. |
All university data for which an unauthorized disclosure may result in identity theft or university liability for costs or damages, under laws, government regulations or contract. |
| Storage |
| Server |
|
- University owned device
- Not publically accessible
|
- University owned device
- Not publically accessible
|
| Desktop Workstation, Laptop, USB drive, Handheld, etc. |
|
|
|
| Non-electronic data (paper documents, white or black boards, photographs, etc.) |
|
- Secure location with appropriate physical controls
|
- Data owner's approval
- Secure location with appropriate physical controls
- Labeled at data owner's discretion
|
| Transmission |
| Campus Mail |
|
|
- Secured and labeled at data owner's discretion
|
| External Mail |
|
|
|
| Fax |
|
|
|
| Telephone (POTS) |
|
|
|
| Other Electronic Transmission (internal and external* e-mail, file transfers, VoIP, etc.) |
|
|
|
| Disposal |
| Electronic data |
|
|
|
| Non-electronic data |
|
- Redact
- Shred with cross-cut shredder
|
- Redact
- Shred with cross-cut shredder (see Virginia Administrative Code) Note: Although you may not have a cross-cut shredder, as long as the shredded records are pulped or incernerated, it meets the requirements of the regulations that social security numbers in the records be made, "...unreadable or undecipherable by any means."
|
*External e-mail containing Social Security Numbers (SSN) and/or Credit Card Numbers (CCN) are prohibited.
Revised and approved by CIO, May 2, 2011.
Revised and approved by CIO, September 2, 2011.
