|
|
|
|
Division of IT: Security
Data Classification System DefinitionsThe MU Data Classification System (DCS) is a tool for categorizing the institution's data assets. The system consists of four levels with corresponding security requirements for each level. The MU data classification system does not apply to student computers and personal data stored on those computers except in circumstances where a student is also an employee and happens to hold MU owned data on his/her computer Questions about the MU data classification system should be directed to isam@missouri.edu.Level 1: PublicPublic data has been explicitly approved for distribution to the public. There is no such thing as unauthorized disclosure of this information and it may be freely disseminated without potential harm to the University or its affiliates. Examples: Advertising, product and service information, directory information, published research, presentations or papers given at conferences, job postings, press releasesLevel 2: ConfidentialConfidential data must be protected by authentication or identity verification and includes information that is not restricted but would not normally be shared with the general public. Confidential data is intended for use within a specific workgroup, department or group of individuals with a legitimate need-to-know. Unauthorized disclosure of this information could adversely impact the University, individuals or affiliates. Examples: Employee records (such as performance evaluations), student directory information, budget and salary information, departmental policies and procedures, procurement, documentation, research that has not been completed or published, vendor documentation, contractsLevel 3: RestrictedRestricted data must be protected by authentication or identify verification and in certain circumstances is protected by law. Restricted data is the most sensitive business information that is intended for a very specific use and should not be disclosed even within a workgroup or department. Unauthorized disclosure of this information could have a serious adverse impact on the University, individuals or affiliates. Examples: Social Security Numbers, credit card numbers, medical records, student data that is not considered directory information, information protected by non-disclosure agreements, confidential researchLevel 4: National Security InterestNational security interest data is data that has been classified by a third party as having the potential to impact national security. Individuals managing or accessing NSI data are responsible for complying with the requirements for levels 1, 2 and 3, National Security Decision Directives and other Federal Government directives for data and systems that are classified, and security procedures specified by the source agency that provides the information. |