Institutional Data Classification Committee

The Institutional Data Classification Committee (IDCC) serves as the governance committee for institutional data classification.

IDCC Membership

The IDCC is chaired by an OCIO designee and is convened on an as-needed basis and consists of:

  • Data stewards or their designees,
  • Chief Information Security Officer or designee,
  • Ohio State University Wexner Medical Center data security director or designee
  • Executive Committee on Integrated Institutional Business Intelligence and Data Governance designee
  • University Senate designee
  • Any other individuals at the IDCC’s discretion.

IDCC Responsibilities

The IDCC exists to:

  1. Promote the importance of protecting and securing institutional data as an asset and establish standards and best practices.
  2. Classify new or existing data elements in accordance with applicable legal, regulatory, administrative, and contractual requirements; intellectual property or ethical considerations; strategic or proprietary worth and/or university rules and policies.
  3. Document and disseminate committee decisions and other relevant information to data stewards, data managers, data custodians, and data users.
  4. Manage institutional data classification conflicts in regard to university rules, policies, standards, and unit operating procedures.
  5. Oversee data stewards’ responsibilities identified in this policy.
  6. Respond to requests and questions submitted to idcc@osu.edu.
  7. Consider and decide policy exceptions and/or waiver requests submitted for approval.
  8. Consider and decide data classification addition or modification requests submitted for approval.

Documentation

The IDCC chair maintains three (3) reference documents that have been developed as “job aids,” to help Ohio State departments better understand and successfully implement the Institutional Data policy:

  • Institutional Data Element Classification Assignments: This document maps institutional data elements to the appropriate data classification levels. IDCC members discuss and determine the classification of data elements.
  • Permitted Data Usage By Activity: This document identifies which classifications of institutional data are permitted for specific data user activities. The classification permitted is based on the Data Steward’s system security assessment.
  • Permitted Data Usage By Service: This document identifies which classifications of institutional data are permitted for specific core or hosted services. The classification permitted is based on the Data Steward’s system security assessment.

Contact

For more information submit comments, questions, and suggestions to IDCC@osu.edu