Skip to Main Site Navigation Skip to Top Navigation Skip to Search Skip to Quick Links Skip to Content Skip to Footer Skip To Left Navigation

Information Classifications

It is the responsibility of the College to classify the information it collects by level of risk if the information was shared, deleted, or stolen. Information is stored and protected according to its designated risk level. CSI collects information under three categories of risk: Low Risk, Moderate Risk, and High Risk.

Low Risk

Encompasses public information and data for which disclosure poses little to no risk to individuals and/or the university. Anyone regardless of institutional affiliation can access without limitation.

Medium Risk

Disclosure of Moderate-Risk Information could cause limited harm to individuals and/or the university with some risk of civil liability. This category is either subject to contractual agreements or regulatory compliance, or is individually identifiable, confidential, and/or proprietary.

High Risk

Disclosure of High-Risk Information could cause significant harm to individuals and/or the university, including exposure to criminal and civil liability. This category is usually subject to legal and regulatory requirements due to information that are individually identifiable, highly sensitive, and/or confidential.

Information Classification Examples

Use the examples below to determine which risk classification is appropriate for a particular type of information. When mixed information falls into multiple risk categories, use the highest risk classification across all.

Low Risk

  • Course catalogs
  • College directory information
  • Information off public college websites
  • Published research
  • Public awards
  • Any other public information

Medium Risk

  • Building plans
  • Donor and volunteer information
  • Employee records
  • Immigration documents
  • FERPA protected information
  • Public safety information
  • Nonpublic financial information
  • (Most forms of PII fall in this class)

High Risk

  • Credit Card Numbers
  • Cybersecurity defenses
  • User Credentials
  • Employee Medical History
  • Direct Deposit Information
  • Social Security Numbers
  • Driver’s license numbers
  • HIPAA information

Approved Services

This table indicates which classifications of information are allowed on a selection of commonly used CSI IT services.
CSI Approved Services Low Risk Mod. Risk High Risk
Audio and Video Conferencing: Zoom, Microsoft Teams Approved for low risk data Approved for moderate risk data Approved for high risk data
Calendar: Office 365 Approved for low risk data Approved for moderate risk data Not approved for high risk data
Cloud Infrastructure: Amazon Web Services, Microsoft Azure Approved for low risk data Approved for moderate risk data Approved for high risk data
Content Management: Cascade CMS Approved for low risk data Approved for moderate risk data Not approved for high risk data
Content Management: Sharepoint Online Approved for low risk data Approved for moderate risk data Approved for high risk data
Database Hosting: Microsoft SQL Approved for low risk data Not approved for moderate risk data Not approved for high risk data
Document Management: Office 365 Approved for low risk data Approved for moderate risk data Approved for high risk data
Email: Office 365, Outlook, Exchange Online Approved for low risk data Approved for moderate risk data Approved for high risk data
Encryption: Microsoft Azure, MDM Compliant Device, SWDE Compliant Device Approved for low risk data Approved for moderate risk data Approved for high risk data
File Storage: OneDrive Approved for low risk data Approved for moderate risk data Approved for high risk data
File Storage: Secure AFS, Secure File Storage Approved for low risk data Approved for moderate risk data Approved for high risk data
Forms: Form Builder Approved for low risk data Approved for moderate risk data Not approved for high risk data
Instant Messaging: Microsoft Teams Approved for low risk data Approved for moderate risk data Not approved for high risk data
File Security: Network Access Control Approved for low risk data Approved for moderate risk data Approved for high risk data
Messaging: Twilio Approved for low risk data Approved for moderate risk data Not approved for high risk data
Instant Messaging: Microsoft Teams Approved for low risk data Approved for moderate risk data Not approved for high risk data
Print Services: Papercut, Microsoft Print Services Approved for low risk data Approved for moderate risk data Approved for high risk data
Project Management: Dynamics 365 Project Operations Approved for low risk data Approved for moderate risk data Not approved for high risk data
Records Management: OnBase Hyland Approved for low risk data Approved for moderate risk data Approved for high risk data
Service Management: Freshservice Approved for low risk data Approved for moderate risk data Approved for high risk data
SurveyTools: Qualtric, Microsoft Forms Approved for low risk data Approved for moderate risk data Approved for high risk data