REG 04.00.08 – Security of Sensitive Plans Designs and Construction Documents Arrangements and Drawings

Authority:  Vice Chancellor for Finance and Administration

History:  First Issued:  July 10, 2012.

Related Policies:
NCSU REG01.25.05 – Procedure for Formatting, Adopting, and Publishing Policies, Regulations, and Rules (PRR Protocol)

NCSU REG04.00.02 – Public Records Request
NCSU REG08.00.03 – Data Management Procedures

Additional References:
NCGS §132-1.7 – Sensitive Public Security Information

Contact Information:  Associate Vice Chancellor for Environemtal Health and Public Safety (919-515-4238)


1.  INTRODUCTION

1.1  Purpose of this Regulation

The purpose of this regulation is to establish (1) the correct data security classification for sensitive plans, design and construction documents, arrangements and drawings (“sensitive material”), and (2) proper protocols to provide for its security and release through the adoption of appropriate administrative rules.

This regulation governs sensitive material as a subset of “university data” as that term is defined in NCSU REG 08.00.03 – Data Management Procedures.  Typical categories of sensitive material contemplated by this regulation include, but are not limited to: (1) detailed public security plans, (2) security arrangements created by public safety agencies in preparation for public events, (3) construction documents, building schematics, information technology or telecommunications infrastructure plans, or any other detailed plan or drawing of public buildings and infrastructure facilities.

1.2  Sensitive Material and Public Records Law

While providing broad access to public records, North Carolina’s public records law does not apply to the sensitive material contemplated by this regulation.  Although the general public has no right of access to inspect or copy this material, requests from non-university parties for access to or copies of sensitive material should still be handled in accordance with NCSU REG04.00.02 – Public Records Request.

2.  DATE SECURITY CLASSIFICATION

Due to its highly sensitive nature, sensitive material governed by this regulation is assigned the High Security classification level as provided in NCSU REG08.00.03 – Data Management Procedures (paragraph 6.1).  As such, all data trustees, stewards and custodians (NCSU REG08.00.03 – Data Management Procedures, paragraph 3) exercising oversight responsibility for sensitive material must implement appropriate standards, procedures, and guidelines commensurate with this classification necessary to administer the security and access for this material.  Examples of such standards, procedures or guidelines may include storing sensitive material under secured conditions as well as requiring signed non-disclosure and return agreements from non-university parties provided access to sensitive material.  Please refer to NCSU REG08.00.03 – Data Management Procedures for more information on data security requirements.

3.  IMPLEMENTING RULES AUTHORIZED

Subordinate academic or administrative units maintaining sensitive material may promulgate rules to implement this regulation’s requirements, which will become effective upon approval of the executive officer or delegee to whom the unit reports.  See NCSU REG01.25.05 – Procedure for Formatting, Adopting, and Publishing Policies, Regulations, and Rules (PRR Protocol) regarding proper adoption, posting and publication of rules.