As part of a continuing effort to safeguard the university’s most sensitive data, OIT coordinated a major revision to REG 08.00.03 – Data Management Procedures that:
- explains how the university defines what data are sensitive and need to be handled with extra care,
- describes the flow of authority for all university data, and
- characterizes five new levels of data classification:
- Purple: Ultra-sensitive,
- Red: Highly sensitive,
- Yellow: Moderately sensitive,
- Green: Normal, not sensitive, and
- White: Unclassified.
Because the management of sensitive data can be a complex and highly interpretive task, OIT has published the Data Sensitivity Framework, a complement of supporting documentation intended to help the university community interpret and apply the regulation.
Where to go for help
- If you are an end user, Data Management Procedures – Summary and Guidance, Storage Locations for University Data, and Frequently Asked Questions – Data Management Procedures provide an overview to help you understand the classes of university data you’re working with and the places you can (and cannot) store them.
- If you have a university data element that you think is sensitive and wonder at what level it should be classified, seeDetermining Sensitivity Levels for Shared Data.
- If you need to know who’s responsible for university data, see Data Categories, Trustees, Stewards and Custodians.
- If you are a Data Steward, Application Sponsor, Data Custodian, or IT support person review Controls for Securing University Data – Best Practices to help you determine how best, in practice, to protect sensitive data you’re handling.
Data sensitivity is an issue that raises many questions, and these documents will help you begin to resolve those questions. If you need additional assistance, please contact security@ncsu.edu.