Critical System Intake Process

A critical system refers to a server, application, device or a platform, if compromised, could significantly harm the University. It is the responsibility of a Data Steward to classify any hosts as critical if their compromise could result in significant harm to Stevens. Instances of significant harm may encompass legal accountability, harm to the institution's reputation, disruption of essential business operations, and the exposure of confidential information, including personally identifiable information (PII). 

Data classification standards are defined in the Security Policy Appendix A. 

Additional security controls are required for systems that handle or process sensitive information as outlined in Security Policy Appendix B.

If you have any questions, please contact our security office at [email protected].  

Definitions

The classification of data is defined in the Information Security Policy. 

A Data Steward is a member of the Administrative Council who has planning and decision-making responsibilities for Institutional Data in their functional area. 

Personally Identifiable Information (“PII”) is information that identifies an individual or relates to an identifiable individual, including, but not limited to name, postal address (including billing and shipping addresses), telephone number, email address, credit or debit card number, or other information that an individual voluntarily provides through the use of Stevens website or other information technology services or hard copies maintained by Stevens.