Understanding data criticality
Data criticality is a reflection of how vital data is to the University's missions and processes. It is a combination of data integrity and availability:
- Data integrity is about protecting data against improper maintenance, modification, or alteration. It includes data authenticity.
- Data availability is about the timeliness and reliability of access to and use of data. It includes data accessibility.
Criticality has to do with the importance of information to the University's ability to operate efficiently and effectively—or, in some cases, operate at all. While all data handled by the University is generally necessary in some sense, critical and mission critical data are more integral to the University's core missions and functions. If this kind of data is corrupted, destroyed, or inaccessible, the University, its units, and its employees may not be able to do their jobs.
Examples of data with high criticality concerns include:
- student and personnel records, which must remain accurate and available in order for the University to operate smoothly.
- research data, which may be irreplaceable or would impact the accuracy or feasibility of a study if corrupted or lost.
To better understand how critical data is, the University organizes data into categories:
How critical is the data?
What could go wrong?
How do we protect it?
Non-critical data is necessary to the the University's ability to operate.
Loss of integrity or availability would only have little to no short-term impact on business continuity or operational effectiveness. Some services or functions may be slightly delayed or degraded if non-critical data loses integrity or availability.
Non-critical data should be protected according to best practices. Other protections may be appropriate, depending on the data.
Critical data is important to the University's ability to operate.
Loss of integrity or availability would have moderate short-term impact on business continuity or operational effectiveness. Key services or functions may be noticeably and disruptively delayed or degraded if critical data loses integrity or availability.
Critical data must be protected according to security controls established by policy and commensurate with the risks associated with the data.
Mission critical data is vital to the University's ability to operate.
Loss of integrity or availability would have significant short-term impact and possible long-term impact on business continuity or operational effectiveness. Key services or functions may be severely delayed or degraded, or may become impossible to deliver. Prolonged loss of mission critical data may threaten the University's ability to recover.
Mission critical data must be vigorously protected according to security controls established by policy and commensurate with the risks associated with the data.