Skip to main content

University of Houston System

  1. UH System
  2. Offices
  3. Information Security
  4. Cybersecurity Resources and Support
  5. Level 1 Data

Offices

Level 1 Data

What is data classification:  The University of Houston System (UHS) defines its data classifications in SAM 07.A.08 - Data Classification and Protection.  These classifications help you understand how you need to protect the data.

Why it matters:  The above data classification types are used to identify data that mission critical and should have extra protections because it could include personal, or instituional data goverened by state and/or federal laws.  Unauthorized access, disclosure, or lossof this data can lead to identity theft, legal penalties, loss of funding, and damage the instituion's reputation.  Ensuring the security of Level 1 data essential for compliance reasons, but also to maintain the trust of our customers, staff and faculty and our research partners.

Data classifications:  The UHS has three data classifications.

  • Level 1: Data such as students records (FERPA), health information (HIPAA), financial information (GLBA), personally identifiable information (PII), or mission critical information that is essential to university operations.  Some examples include: transcripts, grade reports, medical/immunization records, student financial aid, social security/drivers license numbers, or research data tied to grants or external agreements
  • Level 2: Information covered under the Texas Public Information Act, such as personnel records, digital communications like emails, text messages and voicemails, as well as procurement and bidding documents.
  • Level 3: Information available in the public domain like external university websites, flyers or press releases

How to protect Leve 1 data: To protect Leve 1 data, consider the confidentiality (who has access), integrity (how do you ensure that the data has not been altered), and availability (can you access the data when you need to).  At a minimum, you must:

  • Run a supported operating system withall relevant updates and security patches
  • Install the UHS provided endpoint protection software
  • Only grant access to authoried personnel
  • Disable/remove any unnecessary or inactive accounts
  • Enable logging for audit/security logs
  • Securely dispose of the data using a secure destruction method

Unsure what level your data is? If you are unsure what level data you are working with, please treat the data as Leve 1 data and contact UHS Information Security for additional guidance.

Learn more: