Data and IT Resource Classification
The IS-3 Information Security and IS-12 IT Recovery policies play a crucial role in safeguarding the confidentiality, integrity, and availability of institutional information and IT resources. These policies establish a framework for classifying these assets into three key categories: Protection Level, Availability Level, and Recovery Level. This classification system is vital for tailoring security controls and recovery plans to the specific needs and risks associated with each type of information and IT resource.
The process for determining these classifications is detailed in the UC Institutional Information and IT Resource Classification Standard, providing a standardized approach to securing institutional assets against cyberthreats and ensuring their resilience.
Proprietors, with the support of their Security Subject Matter Experts (SMEs) and Unit Information Security Leads (UISLs), are responsible for determining the classification of Protection Levels and Availability Levels for institutional information and IT resources under their area of responsibility.
By adhering to these policies, we can better protect our critical information and IT infrastructure from a wide range of security challenges.
Protection Level
All UC Santa Cruz institutional information and IT resources is classified at one of four Protection Levels based on confidentiality and integrity requirements. For more information, see the Data Protection Levels page.
Availability Level
All UCSC institutional information and IT resources is classified at one of four Availability Levels based on the level of business impact that their loss of availability or service would have on UCSC. For more information, see the Data Availability Levels page.
Recovery Level
All UCSC institutional information and IT resources is classified at one of five Recovery Levels that indicate optimal timelines for recovery based on the importance of data and IT resources to UC Santa Cruz's Business Continuity Plan (BCP). For more information, see the Data Recovery Levels page.
Get Help
Contact the ITS Support Center if you need assistance with data and IT resource classification or information security policy.