This policy establishes a framework for classifying institutional data based on how sensitive, valuable and critical it is to the University, as required by the University's Information Security Policy. Classification of data helps decide on baseline security controls to protect data.
Read the Data Classification Policy in the Iowa State policy library.
Considerations for evaluating the potential adverse business impact to the campus due to loss of data confidentiality or integrity include:
- Loss of critical campus operations
- Negative financial impact (money lost, lost opportunities, value of the data)
- Damage to the reputation of the campus
- Potential for regulatory or legal action
- Requirement for corrective actions or repairs
- Violation of University or campus mission, policy, or principles