Understanding data criticality

Understanding data criticality

Data criticality is a reflection of how vital data is to the University's missions and processes. It is a combination of data integrity and availability:

Criticality has to do with the importance of information to the University's ability to operate efficiently and effectively—or, in some cases, operate at all. While all data handled by the University is generally necessary in some sense, critical and mission critical data are more integral to the University's core missions and functions. If this kind of data is corrupted, destroyed, or inaccessible, the University, its units, and its employees may not be able to do their jobs.

Examples of data with high criticality concerns include:


Criticality classifications

To better understand how critical data is, the University organizes data into categories:

How critical is the data?

What could go wrong?

How do we protect it?

Non-critical

Non-critical data is necessary to the the University's ability to operate.

Loss of integrity or availability would only have little to no short-term impact on business continuity or operational effectiveness. Some services or functions may be slightly delayed or degraded if non-critical data loses integrity or availability.

Non-critical data should be protected according to best practices. Other protections may be appropriate, depending on the data.

Critical

Critical data is important to the University's ability to operate.

Loss of integrity or availability would have moderate short-term impact on business continuity or operational effectiveness. Key services or functions may be noticeably and disruptively delayed or degraded if critical data loses integrity or availability.

Critical data must be protected according to security controls established by policy and commensurate with the risks associated with the data.

Mission critical

Mission critical data is vital to the University's ability to operate.

Loss of integrity or availability would have significant short-term impact and possible long-term impact on business continuity or operational effectiveness. Key services or functions may be severely delayed or degraded, or may become impossible to deliver. Prolonged loss of mission critical data may threaten the University's ability to recover.

Mission critical data must be vigorously protected according to security controls established by policy and commensurate with the risks associated with the data.