Background
The University of Florida is the owner of information generated or used by University employees while in the employ and conducting the business of the University, no matter where that information resides. As Owner, the University of Florida is responsible for prescribing certain levels of protection for information whose loss, corruption or unauthorized disclosure results in some level of adversity for the University or an individual. The responsibility for classifying information resides with the Owner’s Designee. The information Designee is the Dean, Department Chair, or Department Director

The SPICE program requires that information be classified into one of four classifications; Restricted, Sensitive, Operational or Unrestricted. When classifying information consider, how important (high, medium or low) it is to keep it confidential, how important (high, medium or low) its integrity is, and how important (high, medium or low) it is to be available. See also the Information Classification Eduguide (EG0003 Dated: 9/06/05) or the powerpoint presentation on this topic.

We've prepared an preliminary list of information TYPES and their classifications of information the AISS organization generates or works with. This Word document is not considered to be complete as we discover new information types on a regular basis. Also included in the document is, what we believe, the criticality of the information. Assigning the criticality CRUCIAL to the information type impacts the planning for the availability of the information in case of disasters.

A second Word document lists the Information SYSTEMS and their classification. Of particular interest are the CRUCIAL information systems as these will drive the development of the contingency planning efforts. (But that's a separate discussion that we will have later.)