Skip to navigation content (Press Enter).

Information Classification

The primary goals of Information Classification are to assist McMaster staff, faculty and researchers in protecting from unauthorized disclosure the private information of individuals and the intellectual property of the university and its research community. This is important for compliance and regulatory requirements such as PCI-DSS, FIPPA, PHIPA, PIPEDA and contractual obligations.

The scope of the classification is all information that McMaster University staff or faculty collect, transmit, process, store, archive, or destroy during the course of normal operations.

An Information Classification Matrix has been developed to assist staff, faculty and researchers in appropriately identifying and handling information or data.

Download: Information Classification Matrix PDF

Principles of Information Classification...

Information should be protected in a manner consistent with its determined value and sensitivity, regardless of where it resides, what form it takes, what technology is used to handle it, or what purpose(s) it serves.

All information should be handled according to its classification so as to maintain the appropriate confidentiality, integrity and availability of that information with a primary focus of protecting private information of individuals. All users should handle information according to the classification of that information and as detailed in the Information Classification Matrix.

Information has a lifecycle of creation, use and archive/destruction.  Information may undergo change in classification during the lifecycle of that information.  Information should be re-classified where necessary to ensure appropriate handing of information.

Information should be labeled where possible as one of the four categories for classification according to the Information Classification Matrix so as to promote the appropriate handing and protection of information

Information classification should be reviewed annually or whenever regulatory, compliance or business requirements change.

All unauthorized or accidental disclosures of confidential or restricted information must be reported by logging an incident report with the UTS service desk.

Failure to appropriately protect personally identifiable information from unauthorized disclosure may result in administrative or potentially legal ramifications for the individual, department or even external partner involved.

Note: The intent is that these principles will become policies and the matrix will become a standard and as such we appreciate any feedback from the McMaster community on how to enhance or improve the substance of the material.  IT Security can be reached directly via


Understand System and/or information value as is related to the following external and internal factors:

  • Consider the implications of unauthorized disclosure, modification, destruction or disruption to McMaster University systems and information within the context of the factors above

For further assistance with understanding the value or importance of a system, or the data and information on that system, please contact IT Security:

Perform regular risk assessments:

System Administrators should perform the following risk assessments:

  • Value assessment

Disaster Recovery and Business Continuity:

  • Develop a redundancy strategy that is appropriate to the value of the information on the system
  • Perform regular backups of data, information and system files

Service Bulletins

Citrix Receiver Client Update

UTS asks Citrix users to upgrade Citrix Receiver Client to the most current version by February 28, 2017. See UTS Citrix website for installation and removal information.

Mosaic Upgraded Interface

Service Desk

Client Self Service:
Hours: Monday - Friday
8:30 am - 4:30 pm
Phone: 905-525-9140 x24357 (2HELP)
Location: Main Campus BSB Rm. 245
Service Catalogue:

Great Idea Site

Great Idea