UC Santa Cruz Data Availability Levels

Overview

In accordance with UC's IS-3 Electronic Information Security policy, university data (also known as institutional information) and IT resources are classified into one of four Availability Levels based on the level of business impact their loss of availability would have on UC Santa Cruz. Compromises to A4 information or resources would cause the highest level of impact, while compromises to A1 would cause a minimal level of service impact. A4 requires the most security controls, while A1 requires fewer security controls. For the complete classification guide on Availability Levels, including explanations of the classifications and additional examples, see UC's  Classification of Information and IT Resources page

Proprietors, with the support of their Security Subject Matter Experts (SMEs) and Unit Information Security Leads (UISLs), are responsible for determining the Availability Level for institutional information and IT resources under their area of responsibility. 

The following section defines each Availability Level and provides examples of data and IT resources that should be classified at that level. These examples are not exhaustive. If you are unsure about particular data, contact your UISL for guidance. 

A4 (High) 

availability 4 Loss of availability would result in major impairment to the overall operation of UCSC and/or essential services, and/or cause significant financial losses. IT resources that are required by statutory, regulatory and legal obligations are major drivers for this risk level.

Examples include:

  • Building access and critical systems (HVAC, lighting, elevators)
  • Medical records systems
  • Network and Supporting IT Infrastructure for A4 systems
  • Financial, accounting and payroll systems

A3 (Moderate)

availability 3 Loss of availability would result in moderate financial losses and/or reduced customer service.

Examples include:

  • Ticketing or work management system (help desks, maintenance, etc.)
  • Public websites
  • Event ticketing systems
  • Point-of-sale (POS) systems

 A2 (Low)

availability 2 Loss of availability may cause minor losses or inefficiencies.

Examples include:

  • General file servers
  • Student life management system
  • Front desk sign-in system
  • Electronic sign board system
  • Department website

A1 (Minimal)

availability 1 Loss of availability poses minimal impact or financial losses.

Examples include:

  • Workstations
  • Streaming systems (music and video)

 Related Documents and Policies

Get Help

Contact the ITS Support Center if you need assistance with IT security or IS policy.