We are committed to maintaining the security, integrity and appropriate management of our data.
UNSW data is classified using the Data Classification Standard, a framework for assessing data sensitivity according to the adverse business impact a breach of the data would have on the University.
The Data Classification Standard has been updated to better align with Australian and NSW government data classification approaches.
To ensure our data is kept secure, we classify it and then only use or store it in applications, systems or platforms that have the right level of data protection.
For example, if data is classified as SENSITIVE, it can only be used or stored in an application, system or platform that meets the UNSW Cyber Security Standard requirements for SENSITIVE data.
There are now five levels of data classification at UNSW:
Classification | Impact on UNSW activities and objectives if the data was breached owing to accidental or malicious activity |
---|---|
HIGHLY SENSITIVE | High |
SENSITIVE | Medium |
RESTRICTED (formerly Private) | Low |
UNOFFICIAL (data that does not form part of official duty) | - |
PUBLIC | Insignificant |
The Data Classification Standard applies to all data, information and records created, collected, stored or processed by UNSW employees, in electronic or non-electronic formats.
Most data does not require increased security and may be marked PUBLIC or UNOFFICIAL. These classifications should be the default position for newly created material unless there is a specific need to protect the confidentiality of the information.
While the responsibility for classifying data ultimately rests with Data Controllers, it is important for everyone at UNSW to understand how and why UNSW classifies its data.
For further information about data classification at UNSW, see the Data Governance SharePoint site or contact the Data & Information Governance Office via email at datagov@unsw.edu.au.
- Log in to post comments