UC Santa Cruz Data Availability Levels
Overview
In accordance with UC's IS-3 Electronic Information Security policy , university data (also known as Institutional Information) and IT resources are classified into one of four Availability Levels based on the level of business impact their loss of availability would have on UC Santa Cruz. Compromises to A4 information or resources would cause the highest level of impact, while compromises to A1 would cause a minimal level of service impact. A4 requires the most security controls, while A1 requires fewer security controls. For the complete classification guide on Availability Levels, including explanations of the classifications and additional examples, see UC's Classification of Information and IT Resources page .
Proprietors, with the support of their Security Subject Matter Experts (SMEs) and Unit Information Security Leads (UISLs), are responsible for determining the Availability Level for Institutional Information and IT resources under their area of responsibility.
The following section defines each Availability Level and provides examples of data and IT resources that should be classified at that level. These examples are not exhaustive. If you are unsure about particular data, contact your UISL for guidance.
A4 (High)
 |
Loss of availability would result in major impairment to the overall operation of UC Santa Cruz and/or essential services, and/or cause significant financial losses. IT Resources that are required by statutory, regulatory and legal obligations are major drivers for this risk level. |
Examples include:
- Building access and critical systems (HVAC, lighting, elevators)
- Medical records systems
- Network and Supporting IT Infrastructure for A4 systems
- Financial, accounting and payroll systems
A3 (Moderate)
 |
Loss of availability would result in moderate financial losses and/or reduced customer service. |
Examples include:
- Ticketing or work management system (help desks, maintenance, etc.)
- Public websites
- Event ticketing systems
- Point-of-sale (POS) systems
A2 (Low)
 |
Loss of availability may cause minor losses or inefficiencies. |
Examples include:
- General file servers
- Student life management system
- Front desk sign-in system
- Electronic sign board system
- Department website
A1 (Minimal)
 |
Loss of availability poses minimal impact or financial losses. |
Examples include:
- Workstations
- Streaming systems (music and video)
Related Documents and Policies
- UC BFB-1S-12: IT Recovery Policy
- UC BFB-IS-3: Electronic Information Security
- Data Classification - Protection Levels
- Data and IT Resource Classification Guide
- UC Institutional Information and IT Resource Classification Standard and Guides
- General Data Protection Regulation (GDPR) Information
- NIH Data Management and Sharing Policy
Get Help
Contact the ITS Support Center if you need assistance with IT security or IS policy.
- IT Policies
- Data and IT Resource Classification
- Protection Levels for UC Institutional Information
- Security Web Site
- Availability Levels for UC Institutional Information
- IT Policy Glossary
- IS-3: Information Security Policy
- IS-12: IT Recovery Policy
Need Help?
Call: (831) 459-HELP (9-4357)
Email: help@ucsc.edu
