Professional Documents
Culture Documents
blank
blank
blank
1. General Information
blank
blank
blank
blank
ORGANIZATION
DATE ADOPTED
Public
Sensitive
Confidential
Regulated
Definition
Information that could be subject to release under an open records Information that typically is excepted from the Public Information
requests, but should be controled to protect third parties
Act
Justification
Examples
Information that is published to the public website and requires no Data that meets the definition of PII under the Texas Business and
authentication
Commerce Code 521.002(a)(1) and 521.002(a)(2)
Agency publications
Employee Records
Press releases
Gross Salary Information
Public web postings
Data that has been excepted from public release under the Texas
Government Code Ch. 552 or data, whose pubic release, may
result in adverse consequences to the organization
Attorney-Client communications
Computer Vulnerability Reports
Protected draft communications
Net salary information
Data that meets the definition of SPI under the Texas Business and
Commerce Code 521.002(a)(1) and 521.002(a)(2): HIPAA Security
(45 CFR Parts 164), PCI DSS v2.0, FTI, FICA, tax information
No adverse consequences
Loss of reputation
Loss of trust
blank
blank
blank
blank
Public
Sensitive
Confidential
Regulated
Data Custodian
Data Owner
Managers
n/a
Users
n/a
PAGE 1 OF 5
4. Data Controls
Public
Sensitive
Confidential
Regulated
Marking
n/a
Handling
n/a
n/a
Duplication
n/a
Mailing
n/a
Disposition
Disposition based on requirements of the records retention Disposition based on requirements of the records retention Disposition based on requirements of the records retention
schedule.
schedule.
schedule.
Physical destruction required (e.g. shredding)
Destruction must be verified by agency personnel
Storage of hardcopy
Store a "Master copy" in compliance with records retention Store a "Master copy" in compliance with records retention
schedule.
schedule.
Documents should be locked up when not in use (e.g., in
locked desk, cabinet or office)
n/a
n/a
Encryption recommended
Encryption required.
Encryption required.
5. Access Controls
Public
Sensitive
Confidential
Regulated
No Restrictions
Read Access
Update Access
Delete Access
6. Transimssion Controls
Public
Sensitive
Confidential
Regulated
Print Controls
No restrictions
Output routed to pre-defined printer and monitored or secure Output routed to pre-defined printer and monitored or secure
printing enabled
printing enabled
No restrictions
Encryption Recommended
Encryption Required
Encryption Required
No restrictions
No restrictions
PAGE 2 OF 5
7. Audit Controls
Public
Sensitive
Confidential
Regulated
n/a
n/a
n/a
n/a
Review & affirm date must be set but flexible, i.e., 1-2 years
Review & affirm date must be set but flexible, i.e., 1-2 years
Info Owner must review & affirm all info classification and
user rights, not to exceed 1 year
Info Owner must review & affirm all info classification and
user rights, not to exceed 1 year
8. Notification Requirements
Public
Sensitive
Confidential
Regulated
PAGE 3 OF 5
Term
Definition
Reference