The UC IS-3 policy and the associated Institutional Information and IT Resource Classification Standard specifies that all UC Institutional Information and IT Resources must be assigned one of four Availability Levels based on the level of business impact that their loss of availability or service would have on UC, with A1 causing a minimum level of impact and A4 causing the highest level of impact.
More information on the new UC Data Classification Standard can be found at: https://security.ucop.edu/files/documents/policies/institutional-information-and-it-resource-classification-standard.pdf
Loss of availability poses minimal impact or financial losses.
- User workstations
- User laptops
Loss of availability may cause minor losses or inefficiencies.
- Departmental websites
- General file servers
- Electronic signage systems
Loss of availability would result in moderate financial losses and/or reduced customer service.
- Public websites
- File servers supporting business functions
- Point-of-sale systems
- Time reporting systems
- Event ticketing systems
Loss of availability would result in major impairment to the overall operation of the Location and/or essential services, and/or cause significant financial losses. IT Resources that are required by statutory, regulatory and legal obligations are major drivers for this risk level.
- Domain name servers (DNS)
- E-mail systems
- Building access control systems
- Network infrastructure
- Authentication systems
- Medical record systems