The Texas A&M University (TAMU) Data Classification Standard
Summary
The Texas A&M University (TAMU) Data Classification Standard is intended to help data stewards, data owners, resource custodians and Information Technology (IT) personnel across the TAMU colleges, agencies, divisions and departments categorize their information and information systems, according to the impact of loss and sensitivity of data they contain. Categorization will help departments allocate their resources, prioritize the selection and placement of security controls, and ensure that systems containing sensitive information meet baseline security standards. The full documentation on Data Classification Standards may be found here:
https://cio.tamu.edu/policy/it-policy/controls-catalog/standards/data_classification_standard.pdf
Restricted (Extreme Impact / Sensitivity)
Restricted information is the highest level of classification and use is limited to explicitly designated individuals or groups of individuals with a stringent business need to know.
Impact of Loss
Misuse or unauthorized collection, disclosure, compromise, alteration or destruction of restricted data could result in the compromise of national security, long-term and catastrophic financial damage, and/or cause long-term and severe or catastrophic harm to Texas A&M University, its stakeholders and reputation. Restricted data also includes data that, if compromised, may lead to the bodily or physical harm of individuals.
Examples of Restricted Data
• Highly Classified Research, Top-Secret Government Information
• Passwords to DoD or DoS workers/contractors
• Classified information relating to defense articles and defense services
• Information covered by an invention secrecy act
• Witness protection information
• Child welfare and legal information about minors (juvenile justice, foster care and/or adoption)
• Individually identifiable medical records categorized as extremely sensitive
• Research information classified as Level 5 by an IRB or otherwise required to be stored or processed in a high security environment and on a computer not connected to the Texas A&M data networks
Confidential (High Impact / Sensitivity)
This classification level is reserved for information that would, if inadvertently released, have a significant or severe adverse impact to the university. This university data is protected specifically by federal or state law or Texas A&M rules and regulations. Such information may also be subject to state or federal breach notification requirements. This category also focuses on information restricted through certain legal agreements.
Examples of Confidential Data
· Federal tax information
· Individual finance/tax information
· HIPAA, FERPA
· SSN, Credit/Debit Cards, DL/ID/Passport numbers, Bank Account Information, DOB, Student records, Criminal background checks, Donor/alumni information
· Human subject information, Sensitive digital research data
· Research information classified as Level 2 by an IRB
· Export controlled information (ITAR and EAR): information or technology controlled under the International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR).
Controlled (Moderate Impact / Sensitivity)
This classification level covers university data not otherwise identified as confidential or restricted, but which may or may not be releasable in accordance with the Open Records Requests or Texas Public Information Act (e.g., contents of specific email, date of birth, salary, etc.). Such data must be appropriately protected to ensure a controlled and lawful release (if applicable).
Examples of Controlled Data
· Non-public administrative or operational data
· Employee: Evaluations, Personal information, Information used to validate identity
· Asset listings and locations, Building plans
· Email content, Agency policies, procedures, Training materials, Meeting information
· Non-restricted research data, Controlled unclassified data, Unpublished research work and intellectual property not in Level 3 or 4, Patent applications and work papers, drafts of research papers.
Public (Low Impact / Sensitivity)
The lowest data classification level includes data openly available to the public. This might include low-sensitivity data which, when openly distributed, presents no risk to the university. This might also include official university communications and public announcements.
Examples of Public Data
· Public directory information
· Directory information about students who have not requested a FERPA block
· Faculty and staff directory information
· Research publication information, Course catalog information
· Employee ID
· Data covered by non-disclosure agreements, service level agreements, grants, etc.
· Intercollegiate sports information (team rosters, statistics, scores, schedules)