Information Security
The University is committed to ensuring its’ information is always managed securely and in accordance with the best practice requirements of the NSW Standard on records management. The standard requires that the University’s records are protected from unauthorised or unlawful access, destruction, loss, deletion or alteration.
The University’s Data Classification Standard provides the framework for the protection of University information based on its’ sensitivity as defined by type, importance and usage. This framework is further informed by both the Record Security Guideline and the Data Handling Guidelines.
RAMS Data Classification
When capturing records to the University’s recordkeeping system RAMS, the information being captured can be mapped to one of the UNSW Data classification levels: Unclassified, Private, Sensitive and Highly Sensitive; to define its sensitivity and to enable controls appropriate to the level of sensitivity to be put in place.
These controls are applied in RAMS through the use of Access Control, an opt-in method of specifying access rights to electronic records captured within the system. Access Control is based on organisational units or pre-defined Access Groups, and provides the primary means by which to control access to University records in RAMS.
This process of data classification should be an inherent part of the capture of records, whenever creating a new records container, or when records of a higher sensitivity are to be captured to a container, or evidence of a new business activity is required to be captured.