IS-3 What Units Can Do Now

Campus-level implementation of IS-3 will happen in phases. However, there are things that Units at all levels can do to get started.

Be aware that Protection Levels are changing

UC uses a 1-4 scale, while Berkeley has been using a 0-3 scale. This means that all PL numbers will be changing. There are also category changes for certain types of information, so its not as simple as just adding 1 to the current PL number. An updated version of Berkeley's Data Classification Standard is now available. The UC Data Classification Standard and Guide are also available to review. At a high level, this is what you’ll see:

Learn about the new Availability Levels

This is a new concept for information security at UC. Availability Level refers to the impact of loss of availability or service, measured on a scale of 1-4. A4 is the highest level of impact and A1 is the lowest. Availability Level helps to determine what protections are required to ensure that information and resources are available when needed. The four Availability Levels are described in the updated Berkeley Data Classification Standard. Additional information is also available in the UC Data Classification Standard and Guide.

 

AL Flags with Scale

Identify and classify your Unit's Institutional Information and IT Resources

Update references to Protected Data and PL numbers on your websites and internal documentation

We've put together the following table to help you convert general references to Protection Levels. You can choose to add the parenthetical reference with the UCB or convert straight over to the new UC P# directly.

UCB Protection Level Numbers

UC Protection Level Numbers

UC P1 (formerly UCB PL0)

UCB PL0 -> UC P1

UC P2/P3 (formerly UCB PL1)

OR:             

UCB PL 1 -> UC P2/P3

UC P4 (formerly UCB PL2/PL3)

UCB PL2/PL3 -> UC P4

Please note: These general conversions are only best approximations and are not a perfect mapping. For documents that speak to specific references refer to the Data Classification Standard https://security.berkeley.edu/data-classification-standard#plclassification

For example: FERPA-protected data is currently listed as UCB PL1, but will become UC P3 in the new numbering system. Therefore, it would not be appropriate to use the generic placeholder of UC P2/P3 when referring to this data.