What is Data Classification?
Do you know the sensitivity level of data which you can access in UM? Are you paying extra attention and take necessary security measures while handling sensitive data? Data classification is the tool for you to assess the sensitivity of data and help you effectively answer the above questions.
Why do You Need to Classify Data in UM?
Disclosure of sensitive data may cause damage to the reputation of the University or may have certain legal implications. To manage the risk of losing valuable data assets and to help you understand the sensitivity of data, ICTO is going to develop a data classification framework according to the risk or impact if such data is inadvertently exposed. Data classification provides guidance on the different levels of data sensitivity and help you focus on protecting sensitive data.
What Data in UM are to be Classified?
All the electronic data in ICTO data center, excluding individually owned data.
Who are Responsible for Data Classification?
Proposed Data Classification Levels
ICTO proposes four levels of data classification to indicate the degree of sensitivity. These levels are listed from the most sensitive to the least sensitive:
Data Classification Levels and Confidential Information
There are Guidelines for Handling Confidential Information for handling confidential information according to the obligations on confidentiality for the data/information accessible/obtained from the University IT systems. So, what’s the relation between information labelled by the four data classification levels introduced in this article and the confidential information mentioned in the guidelines? Please find the following mapping for the answer.
|Level||Classification||Is the confidential information mentioned in guidelines?|
Therefore, Guidelines for Handling Confidential Information are applicable for information classified as level 1 (Restricted) or 2 (Confidential).