Skip to Content
Texas State University

University Policies

Security Policies

University security policies are largely contained in UPPS 04.01 Computing Services, but this is not the only section of policy which pertains to information security. See the chart below for a summary of these policies across sections.

Policy Number Policy Title Effective Date
Policy Number
UPPS 01.04.27
Policy Title
Ownership and Use of Copyrighted Works
Effective Date
January 19, 2018
Policy Number
UPPS 04.01.01
Policy Title
Security of Texas State Information Resources
Effective Date
June 21, 2021
Policy Number
UPPS 04.01.02
Policy Title
Information Resources Identity and Access Management
Effective Date
October 25, 2017
Policy Number
UPPS 04.01.05
Policy Title
Network Use Policy
Effective Date
March 24, 2020
Policy Number
UPPS 04.01.06
Policy Title
University Websites
Effective Date
June 29, 2018
Policy Number
UPPS 04.01.07
Policy Title
Appropriate Use of Information Resources
Effective Date
November 21, 2019
Policy Number
UPPS 04.01.08
Policy Title
Texas State Internet Domain Name Policy
Effective Date
August 28, 2019
Policy Number
UPPS 04.01.09
Policy Title
Server Management Policy
Effective Date
November 21, 2019
Policy Number
UPPS 04.01.10
Policy Title
Information Security Incident Management
Effective Date
April 30, 2021
Policy Number
UPPS 04.01.11
Policy Title
Risk Management of Information Resources
Effective Date
May 09, 2019
Policy Number
UPPS 04.01.12
Policy Title
Email Account Management
Effective Date
February 21, 2020
Policy Number
UPPS 05.02.06
Policy Title
Acquisition of Information Technology Resources
Effective Date
May 04, 2020

Data Classification

Texas State University uses a TXST uses a 3-tier data classification scheme established by UPPS 04.01.11 § 02.08 a, b, c. Please refer to the policy table above to see specific policy text. The table below provides a quick reference chart for institutional data classification. Different restrictions may apply to research data. Please refer to the Research Support section of this website to find out more.

Confidential information Sensitive information Public information

Level of Sensitivity
Confidential information
High
Sensitive information
Moderate
Public information
Low

Legal Requirements
Confidential information
Protection of data is required by law (e.g., TPIA, FERPA, and HIPAA data) or contractual agreements.
Sensitive information
Often considered “public” in the sense it is releasable under the Texas Public Information Act, some assurance is required so release of information is both controlled and lawful.
Public information
Public information by its very nature is designed to be shared broadly, without restriction, at the complete discretion of the owner.

Disclosure Risk
Confidential information
Confidential information presents the most serious risk of harm if improperly disclosed.
Sensitive information
Unauthorized disclosure of Sensitive information could adversely impact the University, individuals or affiliates.
Public information
From the perspective of confidentiality, public information may be disclosed or published by any person at any time.

Examples of Information
Confidential information
• Social Security numbers
• Credit card info
• Personal health info
• Student records
• Crime victim info
• Library transactions
• Court sealed records
• Access control credentials
Sensitive information
• Performance appraisals
• Employee DOB
• Employee email addresses
• Donor information
• Voicemail records
• Email contents
• Unpublished research
Public information
•Job posting
• Service offerings
• Published research
• Directory information
• Degree programs
• General information about university products and services

Information Security Glossary

The information security glossary is a searchable and filterable glossary of terms and definitions we use in all aspects of our work. Familiarize yourself with this terminology to deepen your understanding of information security at Texas State University.