Confidential Data

This documentation describes policies surrounding Category-I data that will be hosted on any Oden Institute systems including but not limited to the following: laptops, desktops, portable devices, or servers. Plans such as a CDCP (Confidential Data Control Plan) and/or data such as ITAR are considered Category-I data.

Note

Category-I data is also known as Confidential data. Confidential data examples are outlined on UT’s ISO website.

Due to the sensitivity of Confidential data being hosted at the Institute, a reasonable effort to explore other possibilities for storing confidential data should be exercised. For example, TACC is capable of handling all types of Category-I data and have in-house expertise to help facilitate the transmission, storage, and access to such data.

If partnering with TACC is not possible, the following section outlines Sysnet’s policies for dealing with Category-I data. These policies are subject to change without notification.

Policies

  • Sysnet must be notified in advance if considering hosting any Confidential data on any systems in the Oden Institute. Systems in Oden Institute are desktops, laptops, servers, storage devices, or any kind of portable device that is managed by Sysnet.

  • Only Sysnet managed systems are allowed to host Confidential data. Systems not managed by Sysnet cannot host Category-I data, no exceptions.

  • If a CDCP is being submitted, Sysnet is required to be kept in the loop at all phases and will help complete parts of the plan.

  • Users accessing Confidential data will be required to change their passwords according to Sysnet’s password policy. In addition, Users will be required to sign an affidavit stating they have agreed to the password policy and have changed their password.