Data Classification

Data Classification is an essential aspect in defining the content of a file type.  In today’s information resources, we see many file types and data types:

  • File Types may include but not limited to…the Microsoft Office platform, PDF, Jpeg, XML files, text files etc…
  • Data types is the information contain in a file: e.g. public information, controlled information and confidential information.

More details about the Texas A&M System Data Classification Standard.

Identifying Data With Spirion

One of the challenges in dealing with data types is the inability to know what type of data is in a file type.  Looking at the name of a document is not always helpful.  The only true way to know what type of data you are accessing or handling is to open the file.  That is where Spirion comes in; OIT is leveraging Spirion to assist with finding and identifying data types.  With this tool, OIT and the user can scan for Social Security Numbers, Credit Cards numbers, Date of Birth, Addresses, E-mail, Passport Numbers, Passwords, Telephone, Driver’s License, HIPAA information and other custom data types.  

Once Spirion has identified the data type, the data owner can classify the file as Top Secret, Classified, Restricted or Public.  These are easily identifiable to the user viewing the file.  Spirion is required on the endpoint in order to scan and/or visually see the unique identifiers.

Top Secret button for SpirionConfidential button for SpirionRestricted button for SpirionPublic button for Spirion

For information on scanning your personal workstation…coming soon

For information on classifying your data…coming soon

Handling Confidential Data

The Texas A&M Health Science Center has deemed all data is to be handled and processed as confidential information.  TAMHSC OIT maintains all data through access controls standards and a least privilege access model.*

Confidential data as classified by FERPA, HIPAA, PCI and other personal information may have further restrictions as required by laws and regulation.  This data is subject to monitoring and audits.

*The principle of least privilege is the practice of limiting access to the minimal level that will allow our staff and faculty to still do their jobs.