Data Elements Secure Storage & Exchange
The Data Elements Secure Storage & Exchange table lists individual data elements that must be treated as Confidential or Sensitive Data due to Appalachian’s legal, contractual and risk-based objectives. If you are dealing with one of these data elements and evaluating new processes or storage and sharing options, then you need to contact the ITS Office of Information Security for review and assistance.
Secure File Storage & Sharing Guidelines
About
- The data classifications listed below are recommended categories to help evaluate and differentiate University data based on associated risks.
- Note: Institutional records should be classified based on the data element(s) that would have the most restrictive classification.
- Data Management Standard: The object of this standard is to clearly define the roles, responsibilities and specific requirements needed to provide secure and optimal management of data to support the University's mission.
Data Classification Level | Description of Classification Level | Secure Storage & File Exchange | Insecure Methods |
---|---|---|---|
Confidential (High Security) | Data whose unauthorized disclosure and/or loss of control would reasonably result in significant financial losses, unacceptable risks or impairment to the efficient conduct of the University mission. Confidential Data often have these attributes:
Examples:
Compliance Areas: | Approved Storage App State Confidential Data should only be stored on authoritative data sources or approved storage solutions. At a shared services level this includes: Secure Exchange App State Confidential Data should only use approved file-sharing solutions: | Confidential data should NEVER be stored or shared via:
|
Sensitive Data (Medium Security) | Data that is considered private and must be protected, but has a lesser degree of impact associated with unauthorized disclosure and/or loss of control versus confidential data. Sensitive Data often have these attributes:
| Approved Storage
Secure Exchange | Sensitive data should NEVER be stored or shared via:
|
Internal Data (Standard Security) | Data that is proprietary or produced only for use by members of the University community who have a legitimate purpose to access such data. Internal Data often have these attributes:
| In general, App State Internal Data should only be stored and shared via University-owned, maintained, or purchased devices, solutions, and services. | In general, Internal data should not be stored or shared via:
|
Public Data (Minimum Security) | Institutional information that has few restrictions or is intended for public use. | There are no security restrictions or guidance needed for Public Data. |