University Policies

Security Policies

University security policies are largely contained in UPPS 04.01 Computing Services, but this is not the only section of policy which pertains to information security. See the chart below for a summary of these policies across sections.

Policy NumberPolicy Title
Policy Number
UPPS 01.04.27
Policy Title
Ownership and Use of Copyrighted Works
Policy Number
UPPS 04.01.01
Policy Title
Security of Texas State Information Resources
Policy Number
UPPS 04.01.02
Policy Title
Information Resources Identity and Access Management
Policy Number
UPPS 04.01.05
Policy Title
Network Use Policy
Policy Number
UPPS 04.01.06
Policy Title
University Websites
Policy Number
UPPS 04.01.07
Policy Title
Appropriate Use of Information Resources
Policy Number
UPPS 04.01.08
Policy Title
Texas State Internet Domain Name Policy
Policy Number
UPPS 04.01.09
Policy Title
Server Management Policy
Policy Number
UPPS 04.01.10
Policy Title
Information Security Incident Management
Policy Number
UPPS 04.01.11
Policy Title
Risk Management of Information Resources
Policy Number
UPPS 04.01.12
Policy Title
Email Account Management
Policy Number
UPPS 05.02.06
Policy Title
Acquisition of Information Technology Resources

Additional Texas State University System-Level Policies

Pursuant to the Texas State University System (TSUS) Rules and Regulations Chapter III §19.2, TSUS IT Policies found here are adopted as official Texas State University policy. TSUS IT Policies are authoritative and establish the minimum requirements for Texas State University. Additional Texas State University IT and information security policies, standards, procedures, and guidelines are enhancements and adaptations specific to Texas State University.


Data Classification

Texas State University uses a TXST uses a 3-tier data classification scheme established by UPPS 04.01.11 § 02.08 a, b, c. Please refer to the policy table above to see specific policy text. The table below provides a quick reference chart for institutional data classification. Different restrictions may apply to research data. Please refer to the Research Support section of this website to find out more.

Confidential InformationSensitive InformationPublic Information
Level of SensitivityHighModerateLow
Legal RequirementsProtection of data is required by law (e.g., TPIA, FERPA, and HIPAA data) or contractual agreements.Often considered “public” in the sense it is releasable under the Texas Public Information Act, some assurance is required so release of information is both controlled and lawful.Public information by its very nature is designed to be shared broadly, without restriction, at the complete discretion of the owner.
Disclosure RiskConfidential information presents the most serious risk of harm if improperly disclosed.Unauthorized disclosure of Sensitive information could adversely impact the University, individuals or affiliates.From the perspective of confidentiality, public information may be disclosed or published by any person at any time.
Examples of Information• Social Security numbers
• Credit card info
• Personal health info
• Student records
• Crime victim info
• Library transactions
• Court sealed records
• Access control credentials
• Performance appraisals
• Employee DOB
• Employee email addresses
• Donor information
• Voicemail records
• Email contents
• Unpublished research
•Job posting
• Service offerings
• Published research
• Directory information
• Degree programs
• General information about university products and services