ROWAN UNIVERSITY POLICY
Title: Information Classification Policy
Subject: Information Security
Policy No: ISO:2013:
...
08
Applies: University-Wide
Issuing Authority:
...
Senior Vice President for Information Resources and Technology and Chief Information
...
Officer
Responsible Officer:
...
Director of Information Security
Adopted: 07/01/2013
Amended: 06/01/2014
Last Revision:
...
07/
...
02/
...
2018
I. PURPOSE
To ensure that University information is properly identified and classified, and handled according to its value, legal requirements, sensitivity, and criticality to the University. To ensure that the University’s information receives appropriate and consistent levels of protection to safeguard its Confidentiality, Integrity, and Availability.
...
Under the direction of the President, the Chief Information Officer and the Chief Director of Information Security Officer shall implement and ensure compliance with this policy. The Vice Presidents, Deans, and other members of management will implement this policy in their respective areas.
...
B. Information must be classified and handled according to its value, legal requirements, sensitivity, and criticality to the University. Protection levels must be established and implemented relative to the information’s classification, ensuring against unauthorized access, modification, disclosure, and destruction. For information governed by law and regulations (such as protected health information, student records, and personally identifiable information), the protection levels must satisfy the data security and data privacy requirements.\
C. Vice Presidents and Deans shall:
...
Violation of this policy may subject the violator to disciplinary actions, up to or including termination of employment or dismissal from a school, and may subject the violator to penalties stipulated in applicable state and federal statutes.
...
By Direction of the CIO:
__________________________________
Mira Lalovic-Hand,
VP SVP and Chief Information Officer