Standard for Information Classification

I.  Purpose

The purpose of this standard is to set the requirement for the classification of university information resources.  Data should be classified in terms of its value, legal requirements, sensitivity, and criticality to the university. The goal is to assure university information resources receive the appropriate level of protection in order to avoid compromising the privacy rights of others or UNC Charlotte’s institutional rights or obligations.

II.  Scope

This standard applies to UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers or visitors accessing university owned or managed data, in physical or electronic format. 

III.  Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliance-group@uncc.edu.

IV.  Standard

In order to apply appropriate security measures for protecting university information resources, data must be evaluated and assigned the proper data classification level.  The value of any data and the impact on the university if the data is exposed or lost must be taken into consideration when assigning a data classification level.

Much of the data under UNC Charlotte’s control is classified as public data and can be shared without constraint.  However, some data is classified as non-public due to expectations or requirements of privacy or confidentiality. Every member of the UNC Charlotte community should be able to identify non-public data and follow appropriate security precautions to protect that data so as to avoid compromising the privacy rights of others or UNC Charlotte’s institutional rights or obligations.

Data Classification Levels

The data classification levels range from Level 0 (public) to Level 3 (highly restricted). As data classification levels increase from 0 to 3, more secure technical and procedural security requirements must be implemented. The four classification levels are:

  • Level 0 – Public
  • Level 1 – Internal
  • Level 2 – Confidential/Sensitive
  • Level 3 – Highly Restricted

The UNC Charlotte Guideline for Data Handling provides additional information regarding each data classification level as well as guidelines for appropriate handling of data based on the assigned data classification level.

Two-Factor Authentication

Employees with access to Level 2 or 3 data should register to use the university's two-factor authentication solution.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee   4/10/14
Updated   04/03/17