Data classification is a method that allows an organization to categorize information assets and apply security policies in accordance with that categorization. Categorization is done to ensure that sensitive information and information that is protected by law is protected appropriately. Examples of different types of regulations and laws that affect how we handle information assets include FERPA, HIPAA, GLBA, and e-commerce regulations.
View the University Data Classification System.
Data classification provides several benefits. It allows an organization to inventory its information assets. In many cases, information asset owners aren’t aware of all of the different types of data they hold. It also allows central IT to work with departments to develop specific security requirements that can be readily utilized.
University departments can classify their systems by first taking an inventory of systems and applications. After an inventory is collected an appropriate classification should be made based on the Data Classification System definitions. This information should then be registered at registerIT.missouri.edu. Once classified, departments should take appropriate action to ensure that DCS requirements are met whenever possible. For situation where a DCS requirement cannot be met, an exception can be requested by emailing isam@missouri.edu.
If you have any questions about the Data Classification System, contact your central IT staff or isam@missouri.edu.