Test page for gravity form

Data Classification Tool

Step 1 of 11

Is your data regulated under an existing law or framework?(Required)

If you're not sure if your data is regulated by any of these laws, just select "No." This calculator will guide you to the correct classification based on the content of your data.

Yes

Select the choice below to learn what Texas A&M University classification level applies.

Family Educational Right and Privacy Act (FERPA)

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley Act (GLBA)

Federal Information Security Management Act (FISMA)

Payment Card Industry Data Security Standard (PCI DSS)

Executive Order 13556: Controlled Unclassified Information (CUI)

15 CFR Part 730: Export Administration Regulations (EAR)

International Traffic in Arms Regulations (ITAR)

Defense Federal Acquisition Regulation Supplement (DFARS)

EU General Data Protection Regulation (GPDR)

Atomic Energy Act of 1954 (42 USC Chap. 14)

Do you have student data?(Required)

Student data is regulated under FERPA. Examples of student data include rosters, grades, any student-generated work and even a student's schedule.

Yes

Do you have health data?(Required)

Do you use, access, or collect health information for any individuals other than yourself?
Examples of protected health data are clinical data, personal health records, or any data regulated under HIPAA or HITECH.

Yes

Do you have research data?(Required)

Research data is defined as “the recorded factual material commonly accepted in the scientific community as necessary to validate research findings.” Research data does not include preliminary analyses, drafts of scientific papers, plans for future research, peer reviews or communications with colleagues.

Yes

My research data contains:

Employee & benefits data

Facilities data

Information security protocols and documents

Research Compliance & Administration (contracts, grants, IRB documentation)

Policies, procedures, and standards documents

Departmental working papers (memos, agendas, meeting minutes, etc)

Employee communications (email, chat logs, etc)

Recordings or data from surveillance cameras (AVST installations)

Do you have financial records?(Required)

Examples of data in this category are financial aid data; federal tax information, credit card numbers, or banking information (other than your own); financial and budget data for the university or a university its unit; or any other data that falls under GLBA.

Yes

Do you have data with sensitive personal information?(Required)

Sensitive personal information is defined by Texas Government Code §521.002; it can be government-issued ID numbers or documents (SSNs, passport or licenses numbers); electronic signatures or personal biometric information; financial account numbers; or any data that falls under GDPR.

Yes

Do you have controlled unclassified information?(Required)

This type of data requires special handling and processes. Examples include: export-controlled information (under EAR or ITAR); or data from a federal agency that is controlled unclassified information (CUI).

Yes

Do you have government classified or other similarly restricted data?(Required)

This type of data requires special handling and processes. Examples include: highly classified research; classified information relating to defense services; or information covered by an invention secrecy act.

Yes

Do you have data related to other university business?(Required)

Other types of university data are related to the administrative and business functions of the institution. This includes a wide variety of data with different levels of sensitivity.

Yes

I have data that contains:

Employee & benefits data

Export-controlled information (ITAR, EAR, etc)

IRB-managed research or human subject data

Classified research data (most DoD-funded, etc.)

Other (non-restricted) research data

Do you have data that doesn't fit in the categories above? Is it Public?(Required)

Public data is the category of data with the lowest sensitivity, and is openly available to the public, or available upon request without screening.
Examples include:

Data intended for distribution on a publically-accessible website
Public directory information for employees or departments
Directory information for students who have not requested a FERPA block
Intercollegiate sports information (team rosters, schedules, etc)
Research publications not under embargo
Official university communications and public announcements

I have data that falls into one of these categories.

Yes

These results are only a guide. If you have questions, please contact Technology Services at it-security@tamu.edu.

University-Internal

University-Internal data is information that may be accessed by eligible employees in the course of university business. This data may be releasable to the public upon request, but requires protection and evaluation to ensure lawful release. See security control DC-4.

Critical

Critical data can likely result in criminal or civil penalties if inappropriately handled. This is the highest level of classification for data, and use is limited to explicitly designated individuals with a stringent business requirement. See security control DC-6.

Test page for gravity form

Test page for gravity form

Data Classification Tool

University-Internal

Critical

Statement of Land Acknowledgement