Information Technology Services

Wave pattern

Guide: Data and Resource Availability Levels

In accordance with UC Information Technology Recovery Policy (IS-12) and based criticality to the university, information and IT resources are classified into five Recovery Levels with optimal timelines for recovery. The higher the level, the more effort, security controls, and resources are put into ensuring that the system or data are available and working. 

In this guide

Report an information security incident

Learn how to report a compromise of the privacy, integrity, or availability of UC Santa Cruz data and systems.

Report a security incident
Green dash

Availability levels and examples

IT resources are classified into one of four availability levels based on the level of business impact their loss of availability would have on UC Santa Cruz. Compromises to A4 information or resources would cause the highest level of impact, while compromises to A1 would cause a minimal level of service impact. Correspondingly, resources with the highest level of impact, require the most security controls.

Battery with four bars representing high data availability level

A4 (High)

Loss of availability would result in major impairment to the overall operation of UCSC and/or essential services, and/or cause significant financial losses. IT resources that are required by statutory, regulatory and legal obligations are major drivers for this risk level.

Examples include:

  • Building access and critical systems (HVAC, lighting, elevators)
  • Medical records systems
  • Network and Supporting IT Infrastructure for A4 systems
  • Financial, accounting and payroll systems
Battery with three bars representing moderate data availability level

A3 (Moderate)

Loss of availability would result in moderate financial losses and/or reduced customer service.

Examples include:

  • Ticketing or work management system (help desks, maintenance, etc.)
  • Public websites
  • Event ticketing systems
  • Point-of-sale (POS) systems
  • Financial, accounting and payroll systems
Battery with two bars representing low data availability level

A2 (Low)

Loss of availability may cause minor losses or inefficiencies.

Examples include:

  • General file servers
  • Student life management system
  • Front desk sign-in system
  • Electronic sign board system
  • Department website
Battery with one bar representing minimal data availability level

A1 (Minimal)

Loss of availability poses minimal impact or financial losses.

Examples include:

  • Workstations
  • Streaming systems (music and video)
Green dash

Policy alignment

These availability levels are in accordance with the University of California’s IS-3 Electronic Information Security Policy. For the complete classification guide on Availability Levels, including explanations of the classifications and additional examples, review UC’s Classification of Information and IT Resources. If you are unsure about particular data, contact your UISL for guidance.  

Green dash

Responsibilities

Proprietors, with the support of their Security Subject Matter Experts (SMEs) and Unit Information Security Leads (UISLs), are responsible for determining the Availability Level for institutional information and IT resources under their area of responsibility. 

Green dash

Related policies

Green dash

Related guides

Last modified: Apr 16, 2025