Guide: Data and IT Resource Classifications
The IS-3 Information Security and IS-12 IT Recovery policies play a crucial role in safeguarding the confidentiality, integrity, and availability of institutional information and IT resources. These policies establish a framework for classifying assets into three key categories: Protection Level, Availability Level, and Recovery Level. This classification system is vital for tailoring security controls and recovery plans to the specific needs and risks associated with each type of information and IT resource.
Report an information security incident
Learn how to report a compromise of the privacy, integrity, or availability of UC Santa Cruz data and systems.
About
The process for determining these classifications is detailed in the UC Institutional Information and IT Resource Classification Standard, providing a standardized approach to securing institutional assets against cyberthreats and ensuring their resilience. By adhering to these policies, we can better protect our critical information and IT infrastructure from a wide range of security challenges.
Information security classification levels
Protection Levels
University data is classified into four different types with tailored levels of protection for each.
Availability Levels
University data and IT resources are classified by criticality into five recovery levels.
Recovery Levels
University information and IT resources are classified into five recovery levels.
Related policies