DISC Protection Levels
Dartmouth approaches applicable security controls (what steps must be taken to adequately secure data) based on the impact to Dartmouth if that data was to be breached. Below is a table of how data is categorized along with some examples.
Each case is different, so we strongly encourage Thayer community members to work with Computing Services to make sure their data is secure.
|LEVEL||Impact on Dartmouth if breached||Some Examples of Info Types (not limited to these examples)|
|3||Extreme harm, long lasting effect, $multi-million impact, reputation seriously affected, serious health & safety impact||STRICTLY CONFIDENTIAL: PII, PHI, PCI, FERPA data, sensitive investment data, endowment data, financial or statistical data never to be made public, pre-patent data & certain academic research data, security/fire/equipment control systems, certain legal files|
|2||Significant harm, high $, but manageable||CONFIDENTIAL: Compensation, general HR data, Budget, some academic research data, attorney-client privilege info|
|1||Minimum to Moderate harm, no lasting impact, minimum $||FOR INTERNAL DARTMOUTH USE: All business data not included above, i.e. routine business information|
|0||Zero impact, $0||Everything else (info intended for the public, or if became public inadvertently, would have no impact)|