Classifying and Protecting Information

The University generates, collects, processes and stores a large amount of information as part of its research, teaching, administrative, and other business activities.

The University must protect the security of information in its custody in order to achieve its goals and to comply with laws and regulations. In the interests of efficiency and economy, the level of protection should be commensurate with the value of the information asset or the impact to the University if security is compromised.

The information classification and protection guidelines provide a common framework for classifying the University’s information assets in order to determine the appropriate level of security protection. The guidelines have been developed to be sufficiently generic so that they can be applied to all areas within the University. Areas may choose to elaborate on this guideline to meet their specific needs.