DoIT 02 07 - Information Classification and Security Policy
Click here to download a MS Word file.
Effective date: April 19, 2007; Revised date: September 18, 2009
The University of North Carolina at Pembroke recognizes the strategic value of the data it collects and uses. The university also recognizes its responsibility to ensure the appropriate use, security, reliability and integrity of this data; to safeguard it from accidental or unauthorized access, modification, disclosure, use, removal or destruction; and to comply with relevant federal and state legislations.
This policy will provide the general framework to classify, manage and protect data collected, used or stored by UNCP.
This policy applies to all data, whether collected, processed or stored in electronic or other forms (hereinafter “University Data”). It applies to all documents, media, records, reports, files, messages, etc.
This policy does not to apply to creative works, including software, art, music, etc., that are addressed by the university’s Copyright Policy (UNCP Faculty Handbook, http://www.uncp.edu/aa/handbook) unless said creative work includes or contains University Data. In the latter case, this policy shall apply to the University Data included or contained within the creative work, but not the remaining portions of the creative work.
This policy does apply to data collected, used, processed or stored by the university under a grant or contractual agreement unless said grant or agreement assigns ownership of the data to an entity other than the university.
This policy does not apply to data owned by a separate entity that the university has purchased or leased the right to use.
Protected Data – University Data to which access is limited by federal or state law or regulation, or by university policy.
Sensitive Data – University Data which is not addressed by federal or state law or regulation, or by other university policy, but which should nevertheless have limited access due to its nature.
Public Data – University Data that is not classified as protected data or sensitive data. Public data is available under state public records laws. See, e.g., N.C.G.S. Sec. 132-1, et seq.
The university shall develop specific safeguards for all protected and sensitive data. The university shall make information about data in these classifications, and the relevant safeguards available, to all faculty, staff, students, temporary employees, vendors, contactors, etc., as necessary.
The university may develop additional policies to further manage or secure subsets of University Data. In the case of conflicts between this and such additional policies, the most restrictive policy shall apply.
The Chancellor and his or her designees shall be responsible for the implementation of this policy.
The vice chancellors and other members of the Executive Staff are responsible for the procedures and processes within their respective division or area to comply with this policy’s security directives concerning University Data.
Each member of the campus community, including faculty, staff, students, temporary workers, contactors, etc., has the responsibility to report to his or her supervisor or to DoIT any attempt to gain unauthorized access to protected or sensitive data.
VI. Range of Disciplinary Sanctions
Persons in violation of this policy are subject to a full range of sanctions, including, but not limited to, disciplinary action or dismissal from The University of North Carolina at Pembroke. Any sanctions against employees will be imposed through procedures consistent with any applicable state regulations. Some violations may constitute criminal or civil offenses, as defined by local, state and federal laws, and the university may prosecute any such violations to the full extent of the law.
Updated: Friday, December 4, 2009
© The University of North Carolina at Pembroke
PO Box 1510 Pembroke, NC 28372-1510 • 910.521.6000