![[New School IT logo]](/images/tns-it-lockup.png)
Availability Level Classification Guide¶
The Standard for Information and System Classification specifies that all New School Institutional Information and IT Resources must be assigned one of four Availability Levels based on how severely the university’s business operations would be impacted if the information or resource were unavailable. The process outlined in the standard provides guidance on determining Availability Levels.
Data Owners and Application Owners, with the support of the Information Security and Privacy Office, are responsible for determining the Availability Level for Institutional Information and IT Resources under their area of responsibility.
Caution
Be careful when classifying information. Over-classification may result in additional cost and compliance requirements. Under-classification may result in inadequate protections that could lead to interruption of operations.
Data Owners and Application Owners can refer to the charts below to determine appropriate Availability Levels. If the Institutional Information or IT Resource in question is not included in these charts, consult with the Information Security and Privacy office for guidance.
Availability Level AL-4 – High¶
| INSTITUTIONAL INFORMATION TYPE | JUSTIFICATION |
|---|---|
| Building access control system | life and safety |
| Building management systems—HVAC, lighting, elevators, emergency phones | life and safety |
| Data center network routers / switches | critical infrastructure |
| Directory services (Active Directory, LDAP) | critical infrastructure |
| Domain Name System (DNS) | critical infrastructure |
| Dynamic Host Configuration Protocol (DHCP) | critical infrastructure |
| Internet connectivity | critical infrastructure |
| Internet firewalls | critical infrastructure |
| Load balancers (F5) | critical infrastructure |
| Password vault (Secret Server) | critical infrastructure |
| Single Sign-on (CAS) | critical infrastructure |
| TACACS | critical infrastructure |
| Veeam infrastructure | critical infrastructure |
| VMWare infrastructure | critical infrastructure |
Availability Level AL-3 – Moderate¶
| INSTITUTIONAL INFORMATION TYPE | JUSTIFICATION |
|---|---|
| Building management systems—other | operational mission |
| Building / floor network routers / switches | operational mission |
| File servers supporting business operations | operational mission |
| Financial / accounting / payroll systems | operational mission |
| HR Information System (Workday connections) | operational mission |
| HRIS-SIS data transfers (Workday SFTP) | operational mission |
| Identity and Access Management System (Fischer) | operational mission |
| International student information system (Sunapsis) | operational mission |
| IT Central ticketing (Cherwell) | operational mission |
| Student Information System (Banner) | operational mission |
| Student Portal (Luminis) | operational mission |
| VoIP | operational mission |
| VPN | operational mission |
| Wireless network | operational mission |
Availability Level AL-2 – Low¶
| INSTITUTIONAL INFORMATION TYPE | JUSTIFICATION |
|---|---|
| Campus Card (Heartland) | operational mission |
| Credit / Debit / ACH payments (TouchNet + Banner) | operational mission |
| Printing—student (Pharos) | academic mission |
Availability Level AL-1 – Minimal¶
| INSTITUTIONAL INFORMATION TYPE | JUSTIFICATION |
|---|---|
| Office computers (desktops, laptops) | operational mission |
| Printing—office | operational mission |
| IT website | operational mission |
References¶
Document history
| Date | Author | Description |
|---|---|---|
| Jun 2020 | D. Curry |
|
Parts of this guideline are adapted from the University of California’s classification framework, coordinated by Robert Smith, the contents of which are used with permission.