Longwood University 
   Chief Information Officer:
    Information and Instructional Technology Services
  201 High Street, Coyner 107, Farmville, VA  23909
   Phone: 434.395.2034         Fax: 434.395.2035

Policy 6134
DATA CLASSIFICATION

I.      PURPOSE

The purpose of this policy is to identify how the sensitivity of the university’s data will be classified.

II.     DEFINITION

Sensitivity: Sensitivity is the degree of adverse effect a compromise of confidentiality, integrity or availability would have on Commonwealth of Virginia interests, the conduct of university programs or the privacy to which individuals are entitled.

III.   POLICY

  1. Identification of Data: University data owners, as defined in the Security Roles and Responsibilities policy, will be responsible for identifying all types of data handled by the university and classifying the sensitivity of the data as appropriate based on their evaluation.
     
  2. Evaluation and Classification of Data:
     
    1. Each data type will be evaluated and classified based on the Data Classification Standards. In determining the sensitivity of the data the requirements of federal, state and local laws must be considered.
       
    2. Data owners are required to follow the instructions and format approved by the Information Security Office for conducting and completing their data classification.
       
    3. Data classification information will be made available to all university information technology (IT) system users.
       
    4. Users will be responsible for recognizing the classification of the data they handle and adhering to the safeguards prescribed to consistently protect the data throughout its life cycle and in any form.
       
  3. Classification of IT Systems: IT systems will be classified and protected according to the most sensitive data created, received, processed, stored or transmitted by the system regardless of the sensitivity of the other data.

IV.    ENFORCEMENT

The University regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action, in addition to possible cancellation of IT resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.

Approved by the Board of Visitors, December 5, 2008.
Revised and approved by the Board of Visitors, September 11, 2009.

 

Back to the Table of Contents                                    Next Policy