Requirements
The following are the minimum security requirements that must be followed for each DCL.
UM Data Classification System - Portable Storage Devices
UM Data Classification System - Portable Storage Devices
| Level 1: Public Data | Level 2: Sensitive Data | Level 3: Restricted Data | Level 4: Highly Restricted Data |
|---|---|---|---|
Device must be physically secured at all times. Report lost or stolen devices that are used for work purposes, regardless of ownership, to the appropriate ISO per the Mandatory Reporting Requirement. | Must comply with DCL1 requirements. Device encryption or password protection for files stored on the storage device is recommended. | Must comply with DCL1 and DCL2 requirements. | Must comply with DCL1, DCL2 and DCL3 requirements. Device encryption required. |
Levels 1-4:
All portable storage devices that are surplused or otherwise disposed of must follow University surplus property and data disposal policies.
Levels 1-4:
Personally-owned portable storage devices used for University business must be managed according to the same standards as University-issued devices.
Levels 1-4:
Review and follow the Information Security Travel Standard when traveling with a portable storage device.