Columbus State University Print Logo

Office of Information Security

Office of Information Security

Information (Data) Classification and Storage

The Chief Information Security Officer at CSU follows the guidelines set forth by the USG IT Handbook in reference to classifying and securing university data.


Unrestricted/Public Information (described in Section 5.7 and 9.3) as recommended may be stored on third party cloud/server storage, for example: Google Drive, CSU Individual Home Directory and/or the CSU Departmental Drive.

Sensitive Information (described in Section 5.7 and 9.3) as recommended should be encrypted and stored on the CSU Individual Home Directory and/or the CSU Departmental Drive.

Confidential Information and Personal Information (described in Section 5.7 and 9.3) as recommended must be encrypted and stored on the CSU Individual Home Directory and/or the CSU Departmental Drive and/or SFTP Server.

Special Note: When sharing sensitive information, confidential information and personal information with anyone over the internet (ie... email, third party cloud/server storage) recommended best practice is to first encrypt the file with a password prior to sharing and then provide the password verbally to the recipient.


The designated owner of a record is responsible for making the determination as to whether that record should be classified as public or confidential, and whether it contains personal and/or sensitive information. The owner of the record is responsible for defining special security precautions that must be followed to ensure the integrity, security, and appropriate level of confidentiality of the information.

usg   USG IT Handbook


Note: The definition of Owner is covered in Section 9, Data Governance and Management Structure, of the USG IT Handbook.

Attached is Section 5.7 USG Classification of Information Standard from the USG IT Handbook.
Attached is Section 9.0 Data Governance and Management Structure from the USG IT Handbook