PLNU is committed to protecting the privacy of its students, alumni, faculty, and staff and the confidentiality, integrity, and availability of information important to the University's mission.
Classifications help determine how data should be handled based on sensitivity and risk level.
Low Risk
Data and systems are classified as Low Risk if they are not considered to be Moderate or High Risk, and:
- The data is intended for public disclosure, or
- The loss of confidentiality, integrity, or availability of the data or system would have no adverse impact on our mission, safety, finances, or reputation.
Moderate Risk
Data and systems are classified as Moderate Risk if they are not considered to be High Risk, and:
- The data is not generally available to the public, or
- The loss of confidentiality, integrity, or availability of the data or system could have a mildly adverse impact on our mission, safety, finances, or reputation.
High Risk
Data and systems are classified as High Risk if:
- Protection of the data is required by law/regulation,
- PLNU is required to self-report to the government and/or provide notice to the individual if the data is inappropriately accessed, or
- The loss of confidentiality, integrity, or availability of the data or system could have a significant adverse impact on our mission, safety, finances, or reputation.
Data Risk Classification Examples
Use the examples below to determine which risk classification is appropriate for a particular type of data. When mixed data falls into multiple risk categories, use the highest risk classification across all.
Low Risk
- Information authorized to be available on or through PLNU's website without authentication
- Policy and procedure manuals designated by the owner as public
- Job postings
- Information in the public domain
- Publicly available campus maps
Moderate Risk
- Student records and admission applications
- Faculty/staff employment applications, personnel files, benefits, salary, birth date, personal contact info
- Non-public PLNU policies and policy manuals
- Non-public contracts
- Internal memos, email, non-public reports, budgets, plans, financial info
- University and employee ID numbers
High Risk
- Health Information, including Protected Health Information (PHI)
- Health Insurance policy ID numbers
- Social Security Numbers
- Credit card numbers
- Financial account numbers
- Export controlled information
- Driver's license numbers
- Passport and visa numbers
Approved Services
Use the following approved services to store and handle classified data securely:
| Service Name | Low Risk | Moderate Risk | High Risk | High Risk (PHI) |
|---|---|---|---|---|
| AdobeSign | ✔ | ✔ | ✔ | ✔ |
| Calendar (Google Calendar) | ✔ | ✔ | | |
| Canvas | ✔ | ✔ | | |
| Cloud Infrastructure: Amazon Web Services. IMPORTANT: Only approved for High-Risk & PHI data with the provision set up by, configured, and managed by ITS. Only HIPAA-approved services allowed for PHI-containing cloud accounts. | | | | ✔ |
| Coursedog | ✔ | ✔ | | |
| CrashPlan | ✔ | ✔ | ✔ | ✔ |
| Dialpad | ✔ | ✔ | ✔ | |
| Email (Gmail) | ✔ | ✔ | ✔ | |
| Endpoints (PLNU Managed Computers) | ✔ | ✔ | ✔ | ✔ |
| Files.com | ✔ | ✔ | ✔ | ✔ |
| Google Drive | ✔ | ✔ | ✔ | ✔ |
| ITS & Facilities Ticketing (TeamDynamix) | ✔ | ✔ | ✔ | |
| Messaging (Dialpad Messaging) | ✔ | ✔ | | |
| Messaging (Google Chat) | ✔ | ✔ | | |
| myPLNU | ✔ | ✔ | ✔ | |
| Office 365 | ✔ | ✔ | ✔ | |
| OneLogin | ✔ | ✔ | ✔ | |
| OneTrust | ✔ | ✔ | | |
| Point N Click | ✔ | ✔ | ✔ | ✔ |
| Printers (Printing and Scanning) | ✔ | ✔ | ✔ | |
| Qualtrics | ✔ | ✔ | | |
| Slack (ITS) | ✔ | ✔ | | |
| Virtual Desktops | ✔ | ✔ | ✔ | ✔ |
| Workday | ✔ | ✔ | ✔ | ✔ |
| Zoom | ✔ | ✔ | ✔ | ✔ |