University Policies

Security Policies

University security policies are largely contained in UPPS 04.01 Computing Services, but this is not the only section of policy which pertains to information security. See the chart below for a summary of these policies across sections.

Policy Number	Policy Title	Effective Date
Policy Number UPPS 01.04.27	Policy Title Ownership and Use of Copyrighted Works	Effective Date January 19, 2018
Policy Number UPPS 04.01.01	Policy Title Security of Texas State Information Resources	Effective Date June 21, 2021
Policy Number UPPS 04.01.02	Policy Title Information Resources Identity and Access Management	Effective Date October 25, 2017
Policy Number UPPS 04.01.05	Policy Title Network Use Policy	Effective Date March 24, 2020
Policy Number UPPS 04.01.06	Policy Title University Websites	Effective Date June 29, 2018
Policy Number UPPS 04.01.07	Policy Title Appropriate Use of Information Resources	Effective Date November 21, 2019
Policy Number UPPS 04.01.08	Policy Title Texas State Internet Domain Name Policy	Effective Date August 28, 2019
Policy Number UPPS 04.01.09	Policy Title Server Management Policy	Effective Date November 21, 2019
Policy Number UPPS 04.01.10	Policy Title Information Security Incident Management	Effective Date April 30, 2021
Policy Number UPPS 04.01.11	Policy Title Risk Management of Information Resources	Effective Date May 09, 2019
Policy Number UPPS 04.01.12	Policy Title Email Account Management	Effective Date February 21, 2020
Policy Number UPPS 05.02.06	Policy Title Acquisition of Information Technology Resources	Effective Date May 04, 2020

Data Classification

Texas State University uses a TXST uses a 3-tier data classification scheme established by UPPS 04.01.11 § 02.08 a, b, c. Please refer to the policy table above to see specific policy text. The table below provides a quick reference chart for institutional data classification. Different restrictions may apply to research data. Please refer to the Research Support section of this website to find out more.

	Confidential information	Sensitive information	Public information
Level of Sensitivity	Confidential information High	Sensitive information Moderate	Public information Low
Legal Requirements	Confidential information Protection of data is required by law (e.g., TPIA, FERPA, and HIPAA data) or contractual agreements.	Sensitive information Often considered “public” in the sense it is releasable under the Texas Public Information Act, some assurance is required so release of information is both controlled and lawful.	Public information Public information by its very nature is designed to be shared broadly, without restriction, at the complete discretion of the owner.
Disclosure Risk	Confidential information Confidential information presents the most serious risk of harm if improperly disclosed.	Sensitive information Unauthorized disclosure of Sensitive information could adversely impact the University, individuals or affiliates.	Public information From the perspective of confidentiality, public information may be disclosed or published by any person at any time.
Examples of Information	Confidential information • Social Security numbers • Credit card info • Personal health info • Student records • Crime victim info • Library transactions • Court sealed records • Access control credentials	Sensitive information • Performance appraisals • Employee DOB • Employee email addresses • Donor information • Voicemail records • Email contents • Unpublished research	Public information •Job posting • Service offerings • Published research • Directory information • Degree programs • General information about university products and services

Information Security Glossary

The information security glossary is a searchable and filterable glossary of terms and definitions we use in all aspects of our work. Familiarize yourself with this terminology to deepen your understanding of information security at Texas State University.

Go to Glossary