AU Data Classification Policy
American University maintains data essential to the performance of university business. All members of the university community have a responsibility to protect university data from unauthorized generation, access, modification, disclosure, transmission, or destruction.
The objective of this policy is to assist AU employees in the assessment of data to determine the level of security, which must be implemented to protect that data whether it is in paper copy or on the information system for which they are responsible. All university data are classified into three levels of sensitivity, Confidential, Official Use Only, and Unrestricted. Once data has been classified, appropriate safeguards are implemented to protect data from theft, loss, and/or unauthorized disclosure, use, access, and/or destruction.