Skip to Content
California State University, Long BeachCalifornia State University, Long Beach

Information Security

Records Management Standard

Get Acrobat Reader


The California State University identifies three (3) classification levels of information based on the value, legal requirements, sensitivity and criticality assigned to them. These levels are:

  • Level 1 - Confidential
  • Level 2 - Internal Use or Enterprise
  • Level 3 - Public

Aggregates of information are classified based upon the most secure classification level. That is, when information of mixed classifications exists in the same file, document or other written form, the entire file, document, etc. shall be classified at the most secure classification level.

Level 1 – Confidential

This is information maintained by the University which is exempt from disclosure under the provisions of the California Public Records Act or other applicable state or federal laws. The unauthorized use, access, disclosure, acquisition, modification, loss, or deletion of confidential information could result in severe damage to CSULB, its students, employees, or customers. Financial loss, damage to CSULB’s reputation, and legal action could occur. Confidential information is intended solely for use within CSULB and limited to those with a “business need-to-know.” Disclosure of confidential information to persons outside of the University is governed by specific standards and controls designed to protect the information.

Level 2 – Internal Use

This is information which must be protected due to proprietary, ethical or privacy considerations. Although not specifically protected by statute, regulation, or other legal obligations or mandates, unauthorized use, access, disclosure, acquisition, modification, loss or deletion of information at this level could result in financial loss, damage to CSULB’s reputation, violate an individual’s privacy rights or legal action could occur.

Level 3 – Public

This is information that is generally regarded as publicly available. Information at this level is either explicitly defined as public information or intended to be available to individuals both on and off campus. Knowledge of this information does not expose CSULB to financial loss or jeopardize the security of CSULB’s information assets. Prior to disclosure, public information may be subject to appropriate campus review or procedures to mitigate any potential risks of inappropriate disclosure.

Identification of information classified at each level is found in Attachment A – Information Classification.

Roles and Responsibilities

Roles and responsibilities associated with Information Classification are as follows:

  • The CSU Office of the Chancelloris responsible for identifying Level 1 – Confidential Information.
  • University Information Security Officer Is responsible for assisting Division Information Security Officers in the identification of information types within their respective area and determining classification levels. The University Information Security Officer is also responsible for conducting an annual review of this Standard and amending it as appropriate.
  • Division Information Security Officers are responsible for guiding compliance with this Standard within their respective college, department, administrative area, or organization.


Information Security
(562) 985-4862