 |
| Information Asset Management CSU Policy |
Number: 8065.0 Revised: April 19, 2010 |
Policy Objective
The CSU Information Security policy provides direction and support for managing CSU information assets.
Policy Statement
Each campus must develop and maintain a data classification standard that meets or exceeds the requirements of the CSU Data Classification Standard.
Campuses must maintain an inventory of information assets containing level 1 or level 2 data as defined in the CSU Data Classification Standard. These assets must be categorized and protected throughout their entire life cycle, from origination to destruction.
The designated owner of information assets that store protected data is responsible for:
- Classifying the information asset according to the campus Data Classification Standard.
- Defining security requirements that are proportionate to the value of the information asset.
- Managing the information asset according to the requirements described in the campus Information Asset Management Standard.
Critical or protected data must not be transferred to another individual or system without approval of the data owner. Before critical or protected data is transferred to a destination system, the data owner should establish agreements to ensure that authorized users implement appropriate security measures.
Continue to the Sacramento State Supplemental Policy
Back to to Sacramento State Information Security Policy Website