Availability Levels for UC Institutional Information

Under the IS-3 Electronic Information Security policy, university information and resources are classified in one of four categories, known as Availability Levels. All UC Institutional Information and IT Resources are classified into one of four Availability Levels based on the level of business impact their loss of availability or service would have on UC.

Proprietors, with the support of their Security Subject Matter Experts (SMEs) and Unit Information Security Leads (UISLs), are responsible for determining the Availability Level for Institutional Information and IT Resources under their area of responsibility. For the complete classification guide on Availability Levels, including explanations of the classifications and additional examples, see the Classification of Information and IT Resources GuideITS has also created a data resource classification page for quick reference.

 

Availability Level 

Impact of Outage Examples

 availability 4

A4 - High

Loss of availability would result in major impairment to the overall operation of the Location and/or essential services, and/or cause significant financial losses. IT Resources that are required by statutory, regulatory and legal obligations are major drivers for this risk level.
  • Building access and critical systems (HVAC, lighting, elevators)
  • Financial, accounting and payroll systems
  • Medical records systems
  • Network and Supporting IT Infrastructure for A4 systems

availability 3 

A3 - Moderate

Loss of availability would result in moderate financial losses and/or reduced customer service.

  • Ticketing or work management system (help desks, maintenance, etc.).
  • Public websites
  • Event ticketing systems.
  • Point-of-sale (POS) systems.

availability 2 

A2 - Low

Loss of availability may cause minor losses or inefficiencies.

  • General file servers.
  • Student life management system.
  • Front desk sign-in system.
  • Electronic sign board system.
  • Department website.

 

 availability 1

A1 - Minimal

Loss of availability poses minimal impact or financial losses.
  • Laptops.
  • Workstations.
  • Streaming systems (music and video)

Compromises to A4 information or resources would cause the highest level of impact; compromises to A1 would cause a minimal level of service impact. A4 requires the most security controls, while A1 requires fewer security controls. 

 Contact the ITS Support Center if you need assistance with IT security or IT policy.