RIT Information Handling and Services Matrix
The table below provides information about the different classifications of information at RIT and determines how the information can be used and who has permission to access it. For more details about information classification at RIT and examples, please visit the RIT Information Access and Protection Standard webpage. This Standard applies to everyone who accesses RIT Information Resources, whether affiliated with RIT or not, from on campus or from remote locations, including but not limited to: students, faculty, staff, contractors, consultants, temporary employees, alumni, guests, and volunteers.
Public - Information that may be accessed or communicated by anyone without restriction and has no special handling requirements associated with it.
Internal - Information that is restricted to RIT faculty, staff, students, alumni, contractors, volunteers, and business associates for the conduct of Institute business. Internal information could include building floor plans and specific library collections.
Confidential - Information that is restricted to a need-to-know basis and due to legal, contractual, ethical, or other constraints may not be accessed or communicated without specific authorization. Confidential information could include educational records, health information, and University Identification Numbers (UIDs).
Private- Information that is confidential and which could be used for identity theft. Private information also has additional mandates associated with its protection. Private information could include Social Security Number, driver's license number, and financial account information. These are all forms of information that could be used for identity theft.
The table on this page provides a quick reference list of services. In each of the tables, the classification of each service is shown in the left-hand column. The middle columns shows Check marks with an asterisk indicate there is additional information about the service and its classification in the right-hand comments column.
If you have questions about a specific use case or you do not find your use case below, reach out to infosec@rit.edu.
| RIT Service | Public | Internal | Confidential | Private | Comments |
|---|---|---|---|---|---|
| Audio/Video Conferencing: Zoom | ✓ | ✓ | ✓* | *No HIPAA-related information permitted. Other Confidential information permitted only if proper controls are used to ensure access is limited to authorized RIT participants. | |
| Audio/Video Conferencing: Zoom for Healthcare | ✓ | ✓ | ✓* | *HIPAA-related information OK. Other Confidential Information is permitted only if proper controls are used to ensure audience is limited to RIT participants. | |
| Audio/Video Conferencing: Others | ✓ | ✓ | AdobeConnect, GoToMeeting, WebEx, Bluejeans, etc. | ||
| Backups: RIT-administered (CrashPlan PROe, Veem, Commvault) | ✓ | ✓ | ✓ | ✓* | *Encryption should be enabled on backups. Backups of Private information must be encrypted. For CrashPlanPROe backups are provided by request. |
| Backups: Other non RIT-administered | ✓ | ✓ | This includes local backup on portable media and backups to cloud services. Backups of Confidential/Private information to third party apps such as Dropbox and G Suite are not allowed | ||
| Behavioral Records Management: Maxient | ✓ | ✓ | ✓ | ✓ | Student Judicial, Public Health |
| Career Services: Co-op Evaluation System | ✓ | ✓ | ✓ | Used by external and internal employers to provide evaluations of student co-op employees | |
| Centralized Administrative Console: CLAWS | ✓ | ✓ | ✓ | ✓ | Used by systems administrators |
| Cloud-based infrastructure & platforms: Oracle, AWS, Microsoft Azure, Google Cloud Platform, etc. | ✓ | ✓ | ✓ | ✓ | RIT administered with proper controls. Private and confidential information allowed only with ISO-approved authentication and authorization; (ISO Best Practices) |
| Database Hosting: Confidential or Private Information | ✓ | ✓ | ✓ | ✓ | Database hosting of Confidential or Private information requires review by the Information Security Office |
| Database Hosting: MySQL, MariaDB, etc. (RIT administered) | ✓ | ✓ | |||
| Database Hosting: MySQL, MariaDB, etc. (Non-RIT administered) | ✓ | ||||
| Disability Services Office: myDSO | ✓ | ✓ | ✓ | DSO information is governed by FERPA | |
| Document Management: Box, Dropbox, and Office 365 OneDrive | ✓ | ✓ | ✓* |
Ensure that non-public content is limited to authorized users *Confidential information allowed only with appropriate RIT access controls |
|
| Document Management: Google Workspace (g.rit.edu) | ✓ | ✓ | Ensure that non-public content is limited to authorized users | ||
| Document Management: Google Workspace: All other components (Sites, Photos, etc.) | ✓ | ||||
| Electronic Signature: AdobeSign | ✓ | ✓ | ✓ | Software Licensing Overview (ITS Link) | |
| Email: Exchange | ✓ | ✓ | Confidential and Private Information should not be sent through email. | ||
| Email: RIT Gmail | ✓ | ✓ | Confidential and Private Information should not be sent through email. | ||
| Encryption: FDE-Compliant Device | ✓ | ✓ | ✓ | ✓ | FDE is "Full Disk Encryption". Refer to Encryption at RIT |
| Event Management: EMS | ✓ | ✓ | ✓ | Event management/room scheduling. Avoid putting confidential information in meeting reservations. | |
| File Transfer: Tiger File Exchanger | ✓ | ✓ | ✓ | ✓ | Link:Tiger File Exchanger |
| Generative AI (Co-Pilot, etc.) | ✓ | ✓ | |||
| Innotas: Collaboration and Project Management | ✓ | ✓ | Used by project managers | ||
| Instant Messaging: Discord | ✓ | Classroom and other academic use | |||
| Instant Messaging: Jabber | ✓ | ✓ | Link:GIS Instant Messaging System | ||
| Instant Messaging: Other | ✓ | Not administered by RIT | |||
| International Enrollment and Programs: Ellucian ISSM | ✓ | ✓ | ✓ | International Student Services, Student Affairs | |
| Issue Tracking: JIRA | ✓ | ✓ | ✓ | ||
| MyCourses | ✓ | ✓ | ✓ | Contains FERPA data | |
| Network File Storage: ISO-approved (shares02) | ✓ | ✓ | ✓* | ✓* | *Confidential/Private information allowed only with appropriate RIT access controls |
| Network File Storage: Others | ✓ | ✓ | |||
| OnBase | ✓ | ✓ | ✓ | ✓ | Admissions, financial aid, academic departments |
| Oracle eServices: myInfo, eBiz | ✓ | ✓ | ✓ | ✓ | |
| Portfolium | ✓ | ✓ | ✓ | Student determines the information they share | |
| ProSAM | ✓ | ✓ | ✓ | ✓ | Financial Aid |
| Pyramed | ✓ | ✓ | ✓ | Student Health Center | |
| Research Computing Clusters CUI-compliant | ✓ | ✓ | ✓ | ✓ | NIST 800-171 |
| Research Computing Clusters: Non-CUI compliant | ✓ | ✓ | |||
| ServiceNow | ✓ | ✓ | ✓ | ITS, F&A departments | |
| Shared Calendars: Exchange (Internal) | ✓ | ✓ | Exchange calendar should not be shared (published) publicly | ||
| Shared Calendars: Google, Calendly, etc. (Public) | ✓ | Provide public and availability information only | |||
| Shared/Distributed Computing: Folding@home, World Community Grid | ✓ | ||||
| SIS/PeopleSoft/Campus Solutions | ✓ | ✓ | ✓ | ✓ | |
| Slack: Direct Messages and invite-only channels (RIT-administered) | ✓ | ✓ | Link: rit.enterprise.slack.com | ||
| Slack: Public Channels or non-RIT administered workspaces | ✓ | ||||
| Slate | ✓ | ✓ | ✓ | ✓ | Enrollment Services/CRM cloud service |
| Starfish | ✓ | ✓ | ✓ | FERPA records | |
| StarRez | ✓ | ✓ | ✓ | Link: mylife.rit.edu | |
| Survey Tools: Qualtrics | ✓ | ✓ | ✓ | Link: https://www.rit.edu/survey/ | |
| Survey Tools: others (SurveyMonkey, etc.) | ✓ | ||||
| Tableau | ✓ | ✓ | ✓ | Data visualization tool (RIT account) | |
| Trello and other online project management tools | ✓ | ✓ | Not administered by RIT | ||
| UC4 | ✓ | ✓ | ✓ | ✓ | Job scheduler (Oracle) |
| Voice Messaging: Asterisk | ✓ | ✓ | RIT administered | ||
| Voice Messaging: Voicemail | ✓ | ✓ | ✓* |
RIT administered *With proper security controls |
|
| Web Content Management: Drupal (RIT-administered sites) | ✓ | ✓ | RIT-managed solution for official RIT websites | ||
| Web Content Management: Others (WordPress, Google Sites) | ✓ | Websites not centrally managed by RIT | |||
| Wiki: Confluence | ✓ | ✓ | Link: wiki.rit.edu |
For more information or if you have questions, please contact the RIT Information Security Office at infosec@rit.edu