Skip To Main Content
Site Name Here
MenuSearchA-ZSeven Schools One UniversitySeven Schools One University

Menu

  • Give
  • Apply
  • Visit
Close Menu
About
  • Administrative Offices
  • Campus Maps
  • Core Values
  • Fast Facts
  • Travel and International Services
  • Other USM Schools
  • Policies and Procedures
  • Strategic Plan
  • Sustainability
  • Middle States
  • MPowering the State
  • News
  • University Leadership
  • UMB Experts Guide
Academics
  • Academic Calendar
  • Academy of Lifelong Learning
  • Blackboard
  • Libraries
  • Office of the Provost
  • SURFS
  • UMB Program Explorer
Admissions
  • Financial Aid
  • International Students
  • Military and Veterans
  • Office of the Registrar
Research
  • Breakthroughs Can’t Wait
  • Offices and Contacts
  • Resources for Investigators
  • Services for Investigators
  • UMB Research Profile
University Life
  • Arts and Culture
  • Bookstore
  • Emergency
  • Housing
  • Museums
  • Parking and Transportation Services
  • Rooms Available on Campus
  • SMC Campus Center
  • Student Organizations
  • Student Policies
  • URecFit and Wellness
  • UMB shuttle
  • Welcome to Baltimore
  • One Card
Info For
  • Current Students
  • Faculty and Staff
  • Alumni and Donors
  • Community Members
Resources
  • The Elm
  • Calendar
  • myUMB
  • Directory
  • Blackboard
  • SURFS
  • Emergency
  • UMB Shuttle
Seven Schools One University

Search

Close Menu
Common Searched Terms
  • Graduation 2025
  • Campus Tour
  • Jobs at UMB
  • Parking
  • Tuition Remission
  • Registrar
  • Qualtrics
  • Human Resources
  • URecFit and Wellness
  • Tuition
  • Help Desk

A–Z

Close Menu
    Policies and Procedures

    Information Technology Policies

    1. UMB Home
    2. About UMB
    3. Policies and Procedures
    4. Library
    5. Information Technology
    6. Information Technology Policies
    • UMB HomeAbout UMBPolicies and ProceduresLibraryInformation TechnologyInformation Technology Policies
    • Information Technology Policies
    • Information Technology Procedures

    UMB Data Classification Policy

    X-99.06(A)  |  Information Technology  |  Approved April 13, 2015  |  Last Reviewed April 30, 2024

    Responsible VP/AVP: Peter J. Murray, PhD, CAS, MS

    Applies to: Faculty, Staff

    Revision History

    Approved April 13, 2015.

    Policy Statement

    Data and information are important assets of the University and must be protected from loss of integrity, confidentiality, or availability in compliance with University policy and guidelines, Board of Regents policy, and state and federal laws and regulations.  

    The purpose of this document is to provide guidance in  complying with Section VII, Items 3 & 4, Data Classifications and Storage, of the USM Guidelines in Response to the State IT Security Policy.  This section states that USM institutions are required to implement formal controls on all institutionally owned systems that store and/or access nonpublic information. 

    Policy

    All University Data must be classified according to the UMB Classification Schema and protected according to UMB Data Security Standards. This policy applies to data in all formats or media.

    Data Classification Schema

    Data and information assets are classified according to the risks associated with data being stored or processed. Data with the highest risk need the greatest level of protection to prevent compromise; data with lower risk require proportionately less protection. Four levels of data classification will be used to classify University Data based on how the data are used, its sensitivity to unauthorized disclosure, and requirements imposed by external agencies.

    Data are typically stored in aggregate form in databases, tables, or files. In most data collections, highly sensitive data elements are not segregated from less sensitive data elements. For example, a student information system will contain a student's directory information as well as their social security number. Consequently, the classification of the most sensitive element in a data collection will determine the data classification of the entire collection.

    UMB Data Classifications:

    Level 0 – Public - Non-critical data (i.e., public directory information).  Data explicitly or implicitly approved for distribution to the public where there is little institutional risk associated with this system due to security.

    Level 1 – Internal - Data intended for internal University use.  Applications or services that support academic instruction, research data or general communications that do not contain sensitive information.

    Level 2 – Confidential - Critical data, systems, applications or services related to or supporting the commitment or management of UMB financials, student data, research, and those systems containing sensitive information (i.e. name, SSN or other combination or personal identifiers) which if compromised could be used to commit identity theft.

    Level 3 – Regulated - Highest risk data, systems and applications or services that have externally mandated IT compliance requirements such as those containing information covered by HIPAA or PCI.  Failure to comply with these externally mandated IT Security requirements would result in serious financial, legal and/or reputational harm to individuals and/or the University.

    Any department that has access to data that are classified as Level 2 or higher will be required to work with the IT Security Officer to complete the Risk/Vulnerability Assessment


    • Back to Information Technology Policies

    University of Maryland Baltimore

    The University of Maryland, Baltimore is the founding campus of the University System of Maryland.

    620 W. Lexington St., Baltimore, MD
    21201 | 410-706-3100

    • The Elm
    • Calendar
    • Emergency
    • Mobile UMB
    • UMB Shuttle
    • myUMB
    • Directory
    • IT Help Desk
    • Facilities Work Request
    • Jobs
    • Middle States
    • Strategic Plan
    • Sustainability
    • Clery Report
    • UMB Hotline
    • Facebook
    • Twitter
    • Instagram
    • LinkedIn
    • YouTube
    The University of Maryland, Baltimore prohibits sex discrimination in any education program or activity that it operates. Individuals may report concerns or questions to the Title IX Coordinator. Read the UMB Notice of Non-Discrimination.
    © 2024-2025 University of Maryland, Baltimore. All rights reserved.
    • Privacy Policy
    • Web Accessibility
    • Web Feedback
    • Non-Discrimination