Data Classification. DST must assign a classification rating that indicates the level of protection that should be applied when Fund Confidential Information is stored, processed, accessed, or transmitted. This includes identifying paper, electronic and other records, computing systems, and storage media, including laptops and portable devices used to store Fund Confidential Information, except where the WISP provides for the handling of all records as if they all contained Fund Confidential Information.
Data Classification. A. The State classifies data into categories based on the sensitivity of the data pursuant to the Security policy and standards promulgated by the Office of the state of Washington Chief Information Officer. (See Section 4, Data Security, of Securing IT Assets Standards No. 141.10 in the State Technology Manual at xxxxx://xxxx.xx.xxx/policies/141-securing-information-technology-assets/14110- securing-information-technology-assets. Section 4 is hereby incorporated by reference.)
Data Classification. The Data Classification category set forth in Schedule A is revised from “Internal Use” to “Secret”.
Data Classification. The State classifies data into categories based on the sensitivity of the data pursuant to the Security policy and standards promulgated by the Office of the state of Washington Chief Information Officer. (See Section 4, Data Security, of Securing IT Assets Standards No. 141.10 in the State Technology Manual at xxxxx://xxxx.xx.xxx/policies/141-securing-information- technology-assets/14110-securing-information-technology-assets. Section 4 is hereby incorporated by reference.) The Data that is the subject of this Contract is classified as indicated below: ☐ Category 1 – Public Information Public information is information that can be or currently is released to the public. It does not need protection from unauthorized disclosure, but does need integrity and availability protection controls. ☐ Category 2 – Sensitive Information Sensitive information may not be specifically protected from disclosure by law and is for official use only. Sensitive information is generally not released to the public unless specifically requested.
Data Classification. The Hosted Environment maintains SSAE-16 SOC 2 certification/ISO27001 compliance as a facility housing CUI (Controlled Unclassified Information) data based on the DOJ assessment using NIST 800-53 guidelines for FISMA (Federal Information Standards Management Agency) standards. (SC Information Service = [(confidentiality, MODERATE), (integrity, LOW), (availability, LOW)].
Data Classification. A. SVHC will define a data classification scheme which classifies data with respect to levels of sensitivity and confidentiality of the data. Security mechanisms for storage, transmission, handling, and destruction must be implemented to have a direct correlation to the classification of the data.
Data Classification. PowerSchool classifies data as public, private, or restricted, with restricted requiring the highest level of care and security.
Data Classification. In the course of providing services under this SOW, Contractor will gain access or potential access to certain information assets of the Commonwealth which may require certifications, background checks, or other additional requirements. Data Type Applicable Laws and Regulations Additional Requirements ☐ Personally Identifiable Information M. G. L. c. 93H M. G. L. c. 66A M. G. L. c. 93I ☐ Payment Card Information PCI Standards ☐ Family Educational Rights and Privacy Act data Family Educational Rights and Privacy Act ☐ Protected Health Information Health Insurance Portability and Accountability Act of 1996 See attached Commonwealth of Massachusetts Executive Office of Health and Human Services Data Management and Confidentiality Agreement. ☐ Federal Tax Return Information Publication 1075 Commonwealth Dept. of Revenue Standard Forms See attached Publication 1075 Exhibit 7 and Commonwealth Dept. of Revenue standard forms. Contractor will submit to Commonwealth Dept. of Revenue certification including a background check of employees with access or potential access to Federal Tax Return Information. Contractor will assist the Commonwealth in applying for any necessary Federal approvals. ☐ Criminal Offender Record Information FBI Security Addendum NCIC 2000 Operating Manual CJIS Security Policy Title 28, CFR Part 20 See attached Memorandum of Agreement. Contractor will submit to the Dept. of Criminal Justice Information certification including a background check of employees with access or potential access. ☐ Criminal Justice Information FBI Security Addendum NCIC 2000 Operating Manual CJIS Security Policy Title 28, CFR Part 20 See attached Memorandum of Agreement. Contractor will submit to the Dept. of Criminal Justice Information certification including a background check of employees with access or potential access. ☐ Social Security Administration Data Privacy Act 5 U.S.C. 552a s. 1106 Contractor will submit to Commonwealth certification including a background check of employees with access or potential access to Social Security Administration Data. Contractor will assist the Commonwealth in applying for any necessary Federal approvals. ☐ Other Contractor certifies that its products or services, as provided under this SOW, meet all applicable legal and regulatory requirements pertaining to the identified data types indicated above. Contractor agrees to enter into additional agreement(s), as reasonably requested by the Commonwealth prior to gaining access, or...
Data Classification. The State classifies data into categories based on the sensitivity of the data pursuant to the Security policy and standards promulgated by the Office of the Chief Information Officer. (See Section 4, Data Security, of Securing IT Assets Standards No. 141.10 in the State Technology Manual at xxxx://xxx.xx.xxx/ocio/policies/manual.asp) The Data that is the subject of this DSA is classified as indicated below: Check the appropriate box(es) ☐ Category 1 – Public Information Public information is information that can be or currently is released to the public. It does not need protection from unauthorized disclosure, but does need integrity and availability protection controls. ☐ Category 2 – Sensitive Information Sensitive information may not be specifically protected from disclosure by law and is for official use only. Sensitive information is generally not released to the public unless specifically requested.
Data Classification. All University Data is subject to a risk-based data classification standard maintained by the ISO and must be protected accordingly. Classifications are Confidential Data, Controlled Data, and Public Data. Data classification is the primary factor for establishing necessary security controls. Additional controls may be warranted for systems where integrity, availability, and/or accountability requirements are more critical than the requirements for confidentiality. Back to Top General UT Dallas Information Systems are provided for the purpose of conducting the business of UT Dallas and/or UT System. However, Users are permitted to use UT Dallas Information Systems for use that is incidental to the User's official duties to UT Dallas or UT System (Incidental Use) as permitted by this Policy. Users have no expectation of privacy when using UT Dallas Information Systems except as otherwise provided by UT Dallas's Privacy Policy and applicable privacy laws. UT Dallas has the authority and responsibility to access and monitor UT Dallas Information Systems for purposes consistent with UT Dallas's duties and mission. University Data created or stored on a User's personally owned computers, mobile computing devices, removable storage devices, or in databases that are not part of UT Dallas's Information Systems are subject to Public Information Requests, subpoenas, court orders, litigation holds, discovery requests and other requirements applicable to UT Dallas Information Systems. The table below is provided to help Users understand the expectations associated with various scenarios involving data and computing devices: UT Dallas Information Systems Personally Owned Computing Device University • In scope for this Policy Data • In scope for this Policy • ISO, OIT, and/or Decentralized IT may have visibility in the course of performing job responsibilities – Users have no expectation of privacy • UT Dallas has an interest in University Data • ISO has no monitoring capability, nor intent to pursue such capability • UT Dallas has an interest in University Data, and User is required to cooperate if an investigation of possible risk to University Data is initiated • UT Dallas has no interest in personally owned data, though personally owned data may be visible to UT Dallas personnel in the course of performing an investigation Personally • In scope for this Policy owned • Users are discouraged from placing University Data onto personally owned computing devices • Out of...
