Policies and Regulations
Policies and Regulations
UNCP Home About UNC Pembroke Administration Policies and Regulations Official Policies POL 08.00.04 - Information Classification and Security Policy
  • FONT SIZE
  • A
  • A

POL 08.00.04 - Information Classification and Security Policy

NOTICE: This policy/regulation is presented in its format as of the date of posting to this website. The university is in the process of conducting a thorough review of all its policies and regulations. This policy has not yet been reviewed/vetted in accordance with REG 01.20.01.

Authority:

History:

  • First issued April 19, 2007 
  • Revised: September 18, 2009

 
Related Policies:

 
Additional References:

 
Contact Information: Associate Vice Chancellor for Information Resources and CIO, (910.775.4355)

1. PURPOSE

1.1 The University of North Carolina at Pembroke recognizes the strategic value of the data it collects and uses. The university also recognizes its responsibility to ensure the appropriate use, security, reliability and integrity of this data; to safeguard it from accidental or unauthorized access, modification, disclosure, use, removal or destruction; and to comply with relevant federal and state legislations.

1.2 This policy will provide the general framework to classify, manage and protect data collected, used or stored by UNCP.

2. SCOPE

2.1 This policy applies to all data, whether collected, processed or stored in electronic or other forms (hereinafter “University Data”). It applies to all documents, media, records, reports, files, messages, etc.

2.2 This policy does not to apply to creative works, including software, art, music, etc., that are addressed by the university’s Copyright Policy unless said creative work includes or contains University Data. In the latter case, this policy shall apply to the University Data included or contained within the creative work, but not the remaining portions of the creative work.

2.3 This policy does apply to data collected, used, processed or stored by the university under a grant or contractual agreement unless said grant or agreement assigns ownership of the data to an entity other than the university.

2.4 This policy does not apply to data owned by a separate entity that the university has purchased or leased the right to use.

3. DEFINITIONS

3.1 Protected Data. University Data to which access is limited by federal or state law or regulation, or by university policy.

3.2 Sensitive Data. University Data which is not addressed by federal or state law or regulation, or by other university policy, but which should nevertheless have limited access due to its nature.

3.3 Public Data. University Data that is not classified as protected data or sensitive data. Public data is available in accordance with NCGS §132-1.

4. POLICY

4.1 The university shall develop specific safeguards for all protected and sensitive data. The university shall make information about data in these classifications, and the relevant safeguards available, to all faculty, staff, students, temporary employees, vendors, contactors, etc., as necessary.

4.2 The university may develop additional policies to further manage or secure subsets of University Data. In the case of conflicts between this and such additional policies, the most restrictive policy shall apply.

5. RESPONSIBILITIES

5.1 The chancellor and his or her designees shall be responsible for the implementation of this policy.

5.2 The vice chancellors and other members of the Executive Staff are responsible for the procedures and processes within their respective division or area to comply with this policy’s security directives concerning University Data.

5.3 Each member of the campus community, including faculty, staff, students, temporary workers, contactors, etc., has the responsibility to report to his or her supervisor or to DoIT any attempt to gain unauthorized access to protected or sensitive data.

6. RANGE OF DISCIPLINARY SANCTIONS

6.1 Persons in violation of this policy are subject to a full range of sanctions, including, but not limited to, disciplinary action or dismissal from The University of North Carolina at Pembroke. Any sanctions against employees will be imposed through procedures consistent with any applicable state regulations. Some violations may constitute criminal or civil offenses, as defined by local, state and federal laws, and the university may prosecute any such violations to the full extent of the law.