Data stored in electronic or digital systems must be carefully managed and secured to prevent loss or unauthorized release of such data. Information Technology Services (ITS) has specific responsibility for the security of much of Memorial’s confidential and private data and, in order to meet this responsibility, ITS develops defenses with:
ITS' Data Classification Policy is a unit-specific policy applicable to administrative data for which ITS is entrusted with custody. It provides a framework for classifying administrative data according to their level of sensitivity and defining the roles, responsibilities and in some cases the technologies for safeguarding the privacy, security, availability, and integrity of the data.
In each case, where data is entrusted to ITS, the unit-specific policy requires that the data steward (i.e. the business unit responsible for the definition and collection of the data) works with ITS as custodian to classify the data as:
For guidelines on classifying data and examples, click here.
ITS will then build the appropriate protections and safeguards necessary for the data. The unit-specific policy also defines the various roles associated with Data Classification which are:
As part of ITS' systems and operations processes (SDLC & OPM) a Chart of Authorities (COA) is developed to ensure that all roles and responsibilities are assigned and clear. For a more detailed definition of the various roles, please click here.
The full, unit-specific policy can be found here (.pdf).