Risk Classifications

Rice has classified its information assets into 4 risk-based data classifications for the purpose of determining who is allowed to access the information and what security precautions must be taken to protect it against unauthorized access.

General Data (Low Risk)

Data and systems are classified as Low Risk if they are not considered to be Moderate or High Risk, and:

  • The data is intended for public disclosure
  • The loss of confidentiality, integrity, or availability of the data or system would have no adverse impact on our mission, safety, finances, or reputation.

Private Data (Low Risk)

Data and systems are classified as Low Risk if they are not considered to be Moderate or High Risk, and:

  • The data is not generally available to the public
  • The loss of confidentiality, integrity, or availability of the data or system would have a mildly adverse impact on our mission, safety, finances, or reputation.

Sensitive Data (Moderate Risk)

Data and systems are classified as Moderate Risk if they are not considered to be High Risk, and:

  • The data should not be available to the public
  • The loss of confidentiality, integrity, or availability of the data or system could have an adverse impact on our mission, safety, finances, or reputation.

Confidential and Regulated Data (High Risk)

Data and systems are classified as High Risk if:

  • Protection of the data is required by law/regulation
  • Rice is required to self-report to the government and/or provide notice to the individual if the data is inappropriately accessed
  • The loss of confidentiality, integrity, or availability of the data or system could have a significant adverse impact on our mission, safety, finances, or reputation.

Uncertain about your classification?

Try visiting these pages for specific examples.