Data Usage Guidelines
The University of California, Santa Cruz (UCSC) is committed to high standards for the protection of information assets and information technology resources that support the university mission. All information has some level of risk and a minimum level of protection requirements.
Allowable Data Use Guidelines
The purpose of these guidelines is to help you make informed decisions about the appropriate use of services based on the type of data and its risk classification.
Please refer to the following for specifics by vendor or service:
- UCSC Google Apps Services Allowable Data Use
- UCSC Amazon Web Services Allowable Data Use
- Use of Third Party and Cloud Services
Data Classification
Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the university should that data be disclosed, altered or destroyed without authorization. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. All Institutional Information should be classified into one of these four protection levels: P1 - P4.
Other Relevant Policies
End users must use vendor services in accordance with the following policies that govern general computer use and protections on campus:
- UC Electronic Communication Policy
- UC Santa Cruz Acceptable Use Policy
- UC BFB IS-3, Information Security Policy
Please contact the Information Security Officer with any questions about the appropriate classification and protection of information.