Dear OneIT Colleagues, UISLs, and UITRLs,
We are writing to share a proposed update of the campus Data Classification Standard. The Data Classification Standard is the campus framework for assigning risk levels to institutional information and IT resources. It currently includes two classification categories: Protection Level and Availability Level.
The update makes the following changes:
-
Adds Recovery Level (RL) from IS-12, the systemwide IT Recovery Policy, so all of the IT classification scales (Protection Level, Availability Level, and Recovery Level) will be together in one campus standard;
-
Provides campus-specific clarifications around applicability of Recovery Level, plus examples of each level;
-
Changes the title of the Standard from “Data Classification Standard” to “IT Classification Standard” in recognition that what is being classified isn’t only data anymore.
Please see the proposed revision here.
Background: Recovery Level did not exist when the current incarnation of Berkeley’s Data Classification Standard was developed. Feedback from the MSSEI update and review process included a recommendation to incorporate Recovery Level into Berkeley’s information security standards where applicable in order to create a more holistic approach to information security and classification. Adding Recovery Level to the Data Classification Standard will support this goal, creating a single point of reference for all of UC’s IT classification dimensions in a campus-specific context.
Comments and feedback are welcome! Please email iso@berkeley.eduby May 8, 2024 with any feedback.
Regards,
Allison Henry, Chief Information Security Officer
Julie Goldstein, Information Security Policy Program Manager