Information Security Center

Manchester Community College’s Information Technology security website provides you critical information required to secure and protect computer systems against known security threats. This website is a repository of information related to all different areas of system and information security. We encourage all members of the MCC college community to visit this site regularly for current and breaking information on security threats and preventative practices.


Data Classification

Certain information is considered by law as confidential and must be protected from unauthorized access or modification. Data, which is essential to critical functions, must be protected from loss, contamination, or destruction.

Data Classification is the process of grouping data elements together by risk level. MCC has identified four Data Classification Levels (DCL) from 0 to 3. Appropriate security controls will be applied to each classification level. Increasingly restrictive data management and security practices are required for each level, with DCL0 requiring limited protection to DCL3 (formerly referred to as Class A Data) requiring the most protection.

Data Classification Level (DCL) Description Examples
3
DCL3
(Protected Confidential)
Level 3 is protected confidential data, which comprises identity and financial data that, if improperly disclosed, could be used for identity theft or to cause financial harm to an individual or MCC. Security at this level is very high (highest possible). Identity Data with:

  • Social Security number
  • Bank account or debit card information
  • Credit card number & cardholder information
  • Student Loan Data
2
DCL2
(Restricted)
Level 2 is restricted data that is available for disclosure, but only under strictly controlled circumstances. Such information must typically be restricted due to proprietary, ethical or privacy considerations.
An example of such restrictions is the FERPA guidelines that govern publication and disclosure of student information. Security at this level is high.
Identity Data with:

  • Birth date
  • Mother’s maiden name
  • Academic records (e.g. Grades, Test scores, Courses taken, etc.)
  • Student Records (e.g. Advising records, Disciplinary actions)
  • Employee Records
1
DCL1
(Internal)
Level 1 is internal data that has not been approved for general circulation outside MCC where its disclosure would inconvenience MCC, but is unlikely to result in financial loss or serious damage to credibility. Security at this level is controlled but normal.
  • Internal memos
  • Minutes of meetings
  • Internal project reports
  • NetID Account
0
DCL0
(Public)
Level 0 is public data that has been explicitly approved for distribution to the public. Disclosure of public data requires no authorization and may be freely disseminated without potential harm to MCC. Security at this level is minimal.
  • Advertising
  • Public Directory Information
  • Press Releases
  • Job postings
  • Campus Maps

If you have questions or require additional information on Information Security at Manchester Community College, please go to https://cscu.service-now.com/sp/ and open an incident.


Resources