Server Examples

Use the examples below to determine which risk classification is appropriate for a particular type of server. When servers fall into multiple risk categories, use the highest risk classification across all.

General Server (Low Risk)

Data and systems are classified as Low Risk if they are not considered to be Moderate or High Risk, and:

  • Servers used for research computing purposes without involving Moderate or High risk data
  • File server used to store published public data

Sensitive Server (Moderate Risk)

Data and systems are classified as Moderate Risk if they are not considered to be High Risk, and:

  • Servers handling Moderate Risk Data
  • Servers processing or storing PII
  • Servers storing or processing non-published Rice Research or Rice Intellectual Property (IP)
  • Database of non-public University contracts
  • File server containing non-public procedures/documentation

Confidential and Regulated Server (High Risk)

Data and systems are classified as High Risk if:

  • Servers handling High Risk Data
  • Servers managing access to other systems
  • University IT and departmental email systems
  • Active Directory / LDAP Directory
  • Person Registry
  • ERP, Student Systems, or Student Data
  • DNS Servers
  • Servers storing or processing Controlled Unclassified Information (CUI)