Managing University Data

| Data Classification GuidelinesPersonally Identifiable Information | Data Classification Policy | Managing University Data | System Risk Analysis |

The classification of data on campus is important to a number of business processes.

In the event of a disaster, data classified in their respective levels are brought back up online using the appropriate controls and in a timely manner.
See the Disaster Recovery and Business Continuity Planning Tool resource for more information on managing and maintaining effective business recovery tools.

Likewise if a system is infected with any malware the appropriate level of controls and management will be engaged and applied, commensurate with the level of sensitivity the data on the compromised system has. Level III data disclosures may need to be publicly disclosed in addition to notifying the sponsoring federal agencies, if grant based. Click the Procedures on Handling a System Compromise link for additional information.

Local State and Federal regulations in addition to industry standards require systems processing protected data to be controlled appropriately. Classification of the intended data types aids this effort.
Export Controls Policies list types of industry standards or regulations relating to the restricted (Level III) data research entities create to ensure that the data is appropriately controlled.

All campus systems that store or process restricted (Level III) data need to be registered and scanned regularly to ensure that the appropriate controls safeguarding the resources are current.
See Uiowa System Registry for details on how to register a system, and to fill out the following Scan Request form to get your system(s) scanned.

Departmental and or research units looking to provision systems to begin business operations will have a good working idea of what costs and or savings are involved, and budget accordingly.
Data Handling Requirements in the Institutional Data Access Policy
This document describes the minimum requirements for protecting systems based on the type of data they hold.

Having a working idea of what types of data exist and how each needs to be protected will allow the Business Owners, Data Custodians and End Users to work responsibly and protect the data accordingly. The explosive continued use of cloud services and mobile devices in units across campus is one area that could benefit from users knowing what type of data they have before they use any service or application. Roles and Responsibilities Policy
describe the various administrative roles campus staff assume to manage and protect their data through out its various life-cycles.

Whilst not exhaustive, if your role with the university involves working with restricted (Level III) data, download and printout if necessary, the following reference tables that cover storing and transferring restricted data.

PDF iconClick to download the Transfer To Store PII Guide (pdf)

PDF iconClick to download the Data Classification and Security Controls Guide (pdf)