Information Security Classification

Overview

Acadia University is responsible for ensuring the availability, confidentiality, and integrity of all information to which it is entrusted. University data and information, whether managed and residing on university information technology resources, stored on personal devices, managed by a third party or an operations partner, or outsourced to a service provider, is an important asset that must be governed, protected, and appropriately safeguarded.  

Improper use of the university’s data and information may result in harm to the university, its faculty, staff, students, and alumni. This harm could impact the university’s mission of teaching and learning, research, and service delivery. It exposes the university to criminal, financial and reputational risks. Members of the university community have the responsibility to appropriately use, maintain, and safeguard, university data. 

 

Classifications

Acadia University Information Security Classifications help members of the university to identify, understand, manage, and use university data appropriately. The classifications are meant to be used in conjunction with any applicable compliance requirements, such as the Nova Scotia Freedom of Information and Protection of Privacy Act or the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans.

The Classifications are contained in the document associated with this article. 

There are 4 Classifications:

Restricted                                            

Data of a highly sensitive or confidential nature which is intended for restricted internal use. Unintended disclosure of such information is serious and has severe or adverse effect on an individual, a group or institutional operations, assets, or reputation. Access to data is restricted to specific legitimate use cases.

Limited Data of a sensitive or confidential nature which is intended for limited internal use. Unintended disclosure of such information has moderate effect on an individual, a group or institutional operations, assets, or reputation. Access to data is generally limited to individuals in specific job functions.
Internal Data that is available to those members of the university community or research project team with a clear need for access as part of their employment, academic, or research duties and responsibilities. Unintended disclosure of such information has minimal or no effect on an individual, a group or institutional operations,
assets or reputation. Access to data is provided based on a person’s relationship with the University. 
External (Public)                Data that is (or can be) generally available to all employees, the general public, and the media. Unintended disclosure of such information has no effect on an individual, a group or institutional operations, assets or reputation.

 

Details

Article ID: 1008
Created
Mon 1/18/21 11:00 AM
Modified
Mon 4/11/22 9:26 AM