Practices for the Information Security Policy

Your data are valuable. In order to manage data security risks, units and University community members must ensure that their electronic devices and other resources which store, transmit, or process University information meet the information security processes and standards contained in the Information Security Policy.

Identify the Security Level of Your Data

The University uses the following three-tier security system.

    A horizontal bar representing the highest security level.

    High

    • Large amount of data
    • Legally protected data
    • Impact on critical functions
    A horizontal, partially-filled bar representing the medium security level.

    Medium

    • Smaller amount of data
    • Private and/or public data
    • Lower impact on critical functions
    A horizontal, partially-filled bar representing the low security level.

    Low

    • Smallest scope
    • Public data
    • Low/no impact on critical functions

    Begin by identifying your security level. Then use the resources linked below to comply with the Information Security Policy. If you have questions, contact University Information Security.

    Comply with the Information Security Policy

    Please note: A gap analysis is not the same as an Information Security Risk Assessment. Learn more about Risk Assessments.