University Policies
Security Policies
University security policies are largely contained in UPPS 04.01 Computing Services, but this is not the only section of policy which pertains to information security. See the chart below for a summary of these policies across sections.
| Policy Number | Policy Title |
|---|---|
Policy Number UPPS 01.04.27 | Policy Title Ownership and Use of Copyrighted Works |
Policy Number UPPS 04.01.01 | Policy Title Security of Texas State Information Resources |
Policy Number UPPS 04.01.02 | Policy Title Information Resources Identity and Access Management |
Policy Number UPPS 04.01.05 | Policy Title Network Use Policy |
Policy Number UPPS 04.01.06 | Policy Title University Websites |
Policy Number UPPS 04.01.07 | Policy Title Appropriate Use of Information Resources |
Policy Number UPPS 04.01.08 | Policy Title Texas State Internet Domain Name Policy |
Policy Number UPPS 04.01.09 | Policy Title Server Management Policy |
Policy Number UPPS 04.01.10 | Policy Title Information Security Incident Management |
Policy Number UPPS 04.01.11 | Policy Title Risk Management of Information Resources |
Policy Number UPPS 04.01.12 | Policy Title Email Account Management |
Policy Number UPPS 05.02.06 | Policy Title Acquisition of Information Technology Resources |
Additional Texas State University System-Level Policies
Pursuant to the Texas State University System (TSUS) Rules and Regulations Chapter III §19.2, TSUS IT Policies found here are adopted as official Texas State University policy. TSUS IT Policies are authoritative and establish the minimum requirements for Texas State University. Additional Texas State University IT and information security policies, standards, procedures, and guidelines are enhancements and adaptations specific to Texas State University.
Data Classification
Texas State University uses a TXST uses a 3-tier data classification scheme established by UPPS 04.01.11 § 02.08 a, b, c. Please refer to the policy table above to see specific policy text. The table below provides a quick reference chart for institutional data classification. Different restrictions may apply to research data. Please refer to the Research Support section of this website to find out more.
| Confidential Information | Sensitive Information | Public Information | |
| Level of Sensitivity | High | Moderate | Low |
| Legal Requirements | Protection of data is required by law (e.g., TPIA, FERPA, and HIPAA data) or contractual agreements. | Often considered “public” in the sense it is releasable under the Texas Public Information Act, some assurance is required so release of information is both controlled and lawful. | Public information by its very nature is designed to be shared broadly, without restriction, at the complete discretion of the owner. |
| Disclosure Risk | Confidential information presents the most serious risk of harm if improperly disclosed. | Unauthorized disclosure of Sensitive information could adversely impact the University, individuals or affiliates. | From the perspective of confidentiality, public information may be disclosed or published by any person at any time. |
| Examples of Information | • Social Security numbers • Credit card info • Personal health info • Student records • Crime victim info • Library transactions • Court sealed records • Access control credentials | • Performance appraisals • Employee DOB • Employee email addresses • Donor information • Voicemail records • Email contents • Unpublished research | •Job posting • Service offerings • Published research • Directory information • Degree programs • General information about university products and services |