What is the Data Classification Inventory?
You may have received a link from email@example.com with a Qualtrics link starting with csusm.co1.qualtrics.com. This is IITS’ Confidential Data Classification Inventory, a mandatory inventory for ALL faculty and staff as stipulated by CSU Policy. This inventory is
not spam, and you will have 2 weeks to complete this inventory.
The purpose of this inventory is to identify and classify personnel access and handling
of Level 1 and Level 2 data, describe below. This enables CSUSM is able to appropriately
respond to a potential breach of security and make improvements to storage and access
methods if necessary. It is very important that the questions are reviewed thoroughly
and answered accurately. Your responses will be kept in a secured with limited access
by members of the security team.
The Data Classification Standard adopted by the CSU.
Examples of Level 1
Confidential information include but are not limited to:
- Passwords or credentials that grant access to level 1 and level 2 data
- PINs (Personal Identification Numbers)
- Birth date combined with last four digits of SSN and name
- Credit card numbers with cardholder name
- Tax ID with name
- Driver’s license number, state identification card, and other forms of national or
international identification (such as passports, visas, etc.) in combination with
- Social Security number and name
- Health insurance information
- Medical records related to an individual
- Psychological Counseling records related to an individual
- Bank account or debit card information in combination with any required security code,
access code, or password that would permit access to an individual's financial account
- Biometric information
- Electronic or digitized signatures
- Private key (digital certificate)
- Law enforcement personnel records
- Criminal background check results
Examples of Level 2
Internal Use information include but are not limited to:
- Identity Validation Keys (name with) - Birth date (full: mm-dd-yy) - Birth date (partial:
- Photo (taken for identification purposes)
- Student Information-Educational Records not defined as “directory” information, typically:
- Grades, Courses taken, Schedule, Test Scores, Advising records, Educational services
received, Disciplinary actions, Student photo
- Library circulation information.
- Trade secrets or intellectual property such as research activities
- Vulnerability/security information related to a campus or system
- Campus attorney-client communications
- Employee Information, Employee net salary, Home address, Personal telephone numbers,
Personal email address, Payment History, Employee evaluations, Pre-employment background
investigations, Mother’s maiden name, Race and ethnicity, Parents’ and other family
members’ names, Birthplace (City, State, Country), Gender, Marital Status, Physical
- Location of critical or protected assets
- Licensed software
If you have any questions, feel free to contact us by emailing firstname.lastname@example.org.