RIT Information Handling and Services Matrix

The table below provides information about the different classifications of information at RIT and determines how the information can be used and who has permission to access it. For more details about information classification at RIT and examples, please visit the RIT Information Access and Protection Standard webpage. This Standard applies to everyone who accesses RIT Information Resources, whether affiliated with RIT or not, from on campus or from remote locations, including but not limited to: students, faculty, staff, contractors, consultants, temporary employees, alumni, guests, and volunteers.

Public - Information that may be accessed or communicated by anyone without restriction and has no special handling requirements associated with it.

Internal - Information that is restricted to RIT faculty, staff, students, alumni, contractors, volunteers, and business associates for the conduct of Institute business. Internal information could include building floor plans and specific library collections.

Confidential - Information that is restricted to a need-to-know basis and due to legal, contractual, ethical, or other constraints may not be accessed or communicated without specific authorization. Confidential information could include educational records, health information, and University Identification Numbers (UIDs).

Private - Information that is confidential and which could be used for identity theft. Private information also has additional mandates associated with its protection. Private information could include Social Security Number, driver's license number, and financial account information. These are all forms of information that could be used for identity theft.

The table on this page provides a quick reference list of services. In each of the tables, the classification of each service is shown in the left-hand column. The middle columns shows Check marks with an asterisk indicate there is additional information about the service and its classification in the right-hand comments column.

If you have questions about a specific use case or you do not find your use case below, reach out to infosec@rit.edu.

RIT Service Public Internal Confidential Private Comments
Audio/Video Conferencing: Zoom ✓ *   *No HIPAA-related information permitted. Other Confidential information permitted only if proper controls are used to ensure access is limited to authorized RIT participants.
Audio/Video Conferencing: Zoom for Healthcare ✓ *   *HIPAA-related information OK. Other Confidential Information is permitted only if proper controls are used to ensure audience is limited to RIT participants.

Audio/Video Conferencing: Others

    AdobeConnect, GoToMeeting, WebEx, Bluejeans, etc.

Backups: RIT-administered (CrashPlan PROe, Veeam, Commvault) ✓* *Encryption should be enabled on backups. Backups of Private information must be encrypted. For CrashPlan PROe, backups are provided by request.
Backups: Other non-RIT-administered     This includes local backup on portable media and backups to cloud services. Backups of Confidential/Private information to third-party apps such as Dropbox and G Suite are not allowed.
Behavioral Records Management: Maxient Student Judicial, Public Health
Career Services: Co-op Evaluation System   Used by external and internal employers to provide evaluations of student co-op employees
Centralized Administrative Console: CLAWS Used by systems administrators

Cloud-based infrastructure & platforms: Oracle, AWS, Microsoft Azure, Google Cloud Platform, etc.

RIT administered with proper controls. Private and confidential information allowed only with ISO-approved authentication and authorization (ISO Best Practices).
Database Hosting: Confidential or Private Information Database hosting of Confidential or Private information requires review by the Information Security Office

Database Hosting: MySQL, MariaDB, etc. (RIT administered)

Database Hosting: MySQL, MariaDB, etc. (Non-RIT administered)

Disability Services Office: DSIM   DSIM information is governed by FERPA

Document Management: Box, Dropbox, and Office 365 OneDrive    

Ensure that non-public content is limited to authorized users

Document Management: Google Drive and Google Shared Drives (g.rit.edu)     Ensure that non-public content is limited to authorized users

Document Management: Google G Suite: All other components (Sites, Photos, etc.)
Electronic Signature: AdobeSign   Software Licensing Overview (ITS Link)
Email: Exchange     Confidential and Private Information should not be sent through email.
Email: RIT Gmail     Confidential and Private Information should not be sent through email.
Encryption: FDE-Compliant Device FDE is "Full Disk Encryption". Refer to Encryption at RIT
Event Management: EMS   Event management/room scheduling. Avoid putting confidential information in meeting reservations.
File Transfer: Tiger File Exchanger Link: Tiger File Exchanger

Innotas: Collaboration and Project Management

    Used by project managers
Instant Messaging: Discord       Classroom and other academic use

Instant Messaging: Jabber

    Link: GIS Instant Messaging System

Instant Messaging: Other

      Not administered by RIT
International Enrollment and Programs: Ellucian ISSM   International Student Services, Student Affairs
Issue Tracking: JIRA    
MyCourses   Contains FERPA data
Network File Storage: ISO-approved (shares02) ✓* ✓* *Confidential/Private information allowed only with appropriate RIT access controls

Network File Storage: Others

OnBase   Admissions, financial aid, academic departments

Oracle eServices: myInfo, eBiz  
Portfolium   Student determines the information they share
ProSAM Financial Aid
Pyramed   Student Health Center
Research Computing Clusters CUI-compliant NIST 800-171
Research Computing Clusters: Non-CUI compliant      

ServiceNow

  ITS, F&A departments

Shared Calendars: Exchange (Internal)

    Exchange calendar should not be shared (published) publicly
Shared Calendars: Google, Calendly, etc. (Public)       Provide public and availability information only
Shared/Distributed Computing: Folding@home, World Community Grid        
SIS/PeopleSoft/Campus Solutions  

Slack: Direct Messages and invite-only channels (RIT-administered)

    Link: rit.enterprise.slack.com
Slack: Public Channels or non-RIT administered workspaces        
Slate Enrollment Services/CRM cloud service

Starfish

StarRez   FERPA records. Link: mylife.rit.edu

Survey Tools: Qualtrics   Link: https://www.rit.edu/survey/
Survey Tools: others (SurveyMonkey, etc.)        
Tableau    Data visualization tool (RIT account)
Trello and other online project management tools     Not administered by RIT
UC4 Job scheduler (Oracle)
Voice Messaging: Asterisk     RIT administered
Voice Messaging: Voicemail ✓*  

RIT administered

*With proper security controls

Web Content Management: Drupal (RIT-administered sites)     RIT-managed solution for official RIT websites
Web Content Management: Others (WordPress, Google Sites)       Websites not centrally managed by RIT
Wiki: Confluence     Link: wiki.rit.edu

For more information or if you have questions, please contact the RIT Information Security Office at infosec@rit.edu

Updated 3/26/2021