- The data classifications listed below are recommended categories to help evaluate and differentiate University data based on associated risks.
- Download summary PDF: One page PDF summary of our Data Classification Guidance
- Please Note: Institutional records should be classified based on the data element(s) that would have the most restrictive classification.
|Data Classification Level||Description of |
|Secure Storage & File Exchange||Insecure Methods|
|Confidential (High Security)|
Data whose unauthorized disclosure and/or loss of control would reasonably result in significant financial losses, unacceptable risks, or impairment to the efficient conduct of the University mission.
Confidential Data often have these attributes:
ASU Confidential Data should only be stored on authoritative data sources or approved storage solutions. At a shared services level this includes:
ASU Confidential Data should only use approved file sharing solutions:
Confidential data should NEVER be stored or shared via:
Sensitive Data (Medium Security)
Data that is considered private and must be protected, but has lesser degree of impact associated with unauthorized disclosure and/or loss of control versus confidential data.
Sensitive Data often have these attributes:
Sensitive data should NEVER be stored or shared via:
|Internal Data |
Data that is proprietary or produced only for use by members of the University community who have a legitimate purpose to access such data.
Internal Data often have these attributes:
In general, ASU Internal Data should only be stored and shared via University owned, maintained, or purchased devices, solutions, and services.
In general, Internal data should not be stored or shared via:
|Public Data |
Institutional information that has few restrictions or is intended for public use.
There are no security restrictions or guidance needed for Public Data.