海角社区

Printable Version in PDF Format ()

Table of Contents

• History
• Purpose
• Background
• Business Practice
  • Accountability
  • Applicability
  • Definition(s)
  • Text
• Exhibit(s)
  • Assessment History

History [top]

• Business Practice Number: BP.05.001
• Version: 3
• Drafted By:Carlos Miranda
• Approved By:James August
• Approval Date: 03/07/2013
• Latest Revision Date: 02/21/2025

Purpose [top]

Describe the responsibilities of designated information asset owners.

Background [top]

Channel Islands must develop and maintain a data classification standard that meets or exceeds the 海角社区 Data Classification Standard. Campuses must maintain an inventory of information assets containing level 1 or level 2 data as defined in the 海角社区 Data Classification Standard. These assets must be categorized and protected throughout their entire life cycle, from origination to destruction. These assets must have a designated owner whose responsibilities include classification, security requirements and management of their designated information assets.

Business Practice [top]

Accountability [top]

AVP for Information Technology Services (CIO)
Chief Information Security Officer (CISO)

Applicability [top]

All designated information asset owners, and all University consumers of information assets who have access to level 1 and level 2 confidential data.

Definition(s) [top]

1. Information Asset - An information asset is stored information that is considered 鈥渧aluable鈥� by an organization.
2. Information Asset Steward 鈥� The party(ies) responsible for managing an information asset including defining the security requirements that are proportionate to the value of the information asset.

Text [top]

General

Each campus must develop and maintain a data classification standard that meets or exceeds the
requirements of the 海角社区 Data Classification Standard.

Campuses must maintain an inventory of information assets containing level 1 or level 2 data as defined
in the 海角社区 Data Classification Standard. These assets must be categorized and protected throughout
their entire life cycle, from origination to destruction.

The designated owner of information assets that store protected data is responsible for:

1. Classifying the information asset according to the campus Data Classification Standard.
2. Defining security requirements that are proportionate to the value of the information asset.
3. Managing the information asset according to the requirements described in the campus
   Information Asset Management Standard and the .

Critical or protected data must not be transferred to another individual or system without approval of the
designated data owner. Before critical or protected data is transferred to a destination system, the data
owner should establish agreements to ensure that authorized users implement appropriate security
measures.

Exhibit(s) [top]

Designated data stewards by data category.

Assessment History [top]