All members of the Carleton University community have a responsibility to protect the confidentiality, integrity, and availability of data and information generated, accessed, modified, transmitted, stored or used by the University, irrespective of the medium on which the data resides and regardless of format; e.g., electronic, paper or other.
Below you will find the handling standards that were developed to support Carleton’s Data and Information Classification and Protection policy.
Data Classification
All University data and information must be classified into one of three sensitivity levels or classifications as soon as possible after the creation or acceptance of ownership by the University.
The three classes of data are:
- Confidential Data
- Internal Data
- Public Data
For definitions and examples, please refer to Appendix 1 in the Data and Information Classification and Protection policy
Data Handling Standards
The Data Handling Standards outline the controls required for public, internal, and confidential data in regards to the following:
- paper based documents,
- personal computers,
- mobile devices,
- university workstations,
- onsite servers, and
- remote servers/clouds.
The handling controls include such protections as labelling, password protection, encryption, and more.
Data Handling Lifecycle
This Data Handling Lifecycle Matrix outlines the protection requirements for Carleton University information assets throughout the following information lifecycle:
- understanding
- creating
- storing
- using
- sharing
- archiving
- destroying
More Information
For more about handling data at Carleton, including the risks associated should the confidentiality, integrity or availability of data or information be compromised, please see the Data and Information Classification and Protection policy.