Authority: Vice Chancellor for Finance and Administration
History: First Issued: July 10, 2012.
NCSU REG01.25.05 – Procedure for Formatting, Adopting, and Publishing Policies, Regulations, and Rules (PRR Protocol)
NCSU REG04.00.02 – Public Records Request
NCSU REG08.00.03 – Data Management Procedures
NCGS §132-1.7 – Sensitive Public Security Information
Contact Information: Associate Vice Chancellor for Environemtal Health and Public Safety (919-515-4238)
1.1 Purpose of this Regulation
The purpose of this regulation is to establish (1) the correct data security classification for sensitive plans, design and construction documents, arrangements and drawings (“sensitive material”), and (2) proper protocols to provide for its security and release through the adoption of appropriate administrative rules.
This regulation governs sensitive material as a subset of “university data” as that term is defined in NCSU REG 08.00.03 – Data Management Procedures. Typical categories of sensitive material contemplated by this regulation include, but are not limited to: (1) detailed public security plans, (2) security arrangements created by public safety agencies in preparation for public events, (3) construction documents, building schematics, information technology or telecommunications infrastructure plans, or any other detailed plan or drawing of public buildings and infrastructure facilities.
1.2 Sensitive Material and Public Records Law
While providing broad access to public records, North Carolina’s public records law does not apply to the sensitive material contemplated by this regulation. Although the general public has no right of access to inspect or copy this material, requests from non-university parties for access to or copies of sensitive material should still be handled in accordance with NCSU REG04.00.02 – Public Records Request.
2. DATE SECURITY CLASSIFICATION
Due to its highly sensitive nature, sensitive material governed by this regulation is assigned the High Security classification level as provided in NCSU REG08.00.03 – Data Management Procedures (paragraph 6.1). As such, all data trustees, stewards and custodians (NCSU REG08.00.03 – Data Management Procedures, paragraph 3) exercising oversight responsibility for sensitive material must implement appropriate standards, procedures, and guidelines commensurate with this classification necessary to administer the security and access for this material. Examples of such standards, procedures or guidelines may include storing sensitive material under secured conditions as well as requiring signed non-disclosure and return agreements from non-university parties provided access to sensitive material. Please refer to NCSU REG08.00.03 – Data Management Procedures for more information on data security requirements.
3. IMPLEMENTING RULES AUTHORIZED
Subordinate academic or administrative units maintaining sensitive material may promulgate rules to implement this regulation’s requirements, which will become effective upon approval of the executive officer or delegee to whom the unit reports. See NCSU REG01.25.05 – Procedure for Formatting, Adopting, and Publishing Policies, Regulations, and Rules (PRR Protocol) regarding proper adoption, posting and publication of rules.