Data Classification Standard

The UNSW Data Classification Standard is a framework for assessing data sensitivity, measured by the adverse business impact a breach of the data would have upon the University. This standard for the University community has been created to help effectively manage information in daily mission-related activities. 

Determining how to protect and handle information depends on a consideration of the information’s type, importance, and usage. The standards outline the minimum level of protection necessary when performing certain activities, based on the classification of the information being handled.

The classification applies to University employees (faculty, staff, student employees) and other covered individuals (e.g., affiliates, vendors, independent contractors, etc.) in their handling of University data, information and records in any form (paper, digital text, image, audio, video, microfilm, etc.) during the course of conducting University business (administrative, financial, education, research or service).

Data Controllers and System Managers at UNSW are required to determine the data classification for the systems and data repositories for which they have responsibility. Such assessment should be done at least bi-annually. The data classification assessment will then determine how the UNSW Data Handling Guidelines apply to the system or data repository that has been classified. Following are the steps required to complete the data classification process for UNSW systems or data repositories. The process of data classification is governed by the UNSW Link to the Data Governance Policy or the Research Data Governance & Materials Handling Policy.

Here is a link to the Data Classification Standard.

More information regarding Data Classification is available on the Data & Information Governance intranet.