University-Internal (Controlled)

Is your data regulated under an existing law or framework?

If you know your data is regulated by a specific law or, or is controlled by a contract or legal framework, you can select the choice below to learn what Texas A&M University classification level applies.

If you're not sure if your data is regulated by any of these laws, just select. "No." This calculator will guide you to the correct classification based on the content of your data.  

Do you have student data?

Student data is regulated under FERPA.
Examples of student data include rosters, grades, any student-generated work and even a student's schedule. 

Do you have health data?

Do you use, access, or collect health information for any individuals other than yourself?
Examples of protected health data are clinical data, personal health records, or any data regulated under HIPAA or HITECH.

Do you have research data?

Research data is defined as “the recorded factual material commonly accepted in the scientific community as necessary to validate research findings.” Research data does not include preliminary analyses, drafts of scientific papers, plans for future research, peer reviews or communications with colleagues.

My research data contains:

Do you have financial records?

Examples of data in this category are financial aid data; federal tax information, credit card numbers, or banking information (other than your own); financial and budget data for the university or a university its unit; or any other data that falls under GLBA.

Do you have data with sensitive personal information?

Sensitive personal information is defined by Texas Government Code §521.002; it can be government-issued ID numbers or documents (SSNs, passport or licenses numbers); electronic signatures or personal biometric information; financial account numbers; or any data that falls under GDPR.

Do you have government-classified Top-Secret or other restricted data?

This type of data is very rare within the university.
Examples include: highly classified research; export-controlled information (under EAR or ITAR); classified information relating to defense services; information covered by an invention secrecy act; or data from a federal agency that is controlled unclassified information (CUI).

Do you have data related to other university business?

Other types of university data are related to the administrative and business functions of the institution. This includes a wide variety of data with different levels of sensitivity.

I have data that contains:

Do you have data that doesn’t fit in the categories above? Is it Public?

Public data is the category of data with the lowest sensitivity, and is openly available to the public, or available upon request without screening.

Examples include:

  • Data intended for distribution on a publically-accessible website
  • Public directory information for employees or departments
  • Directory information for students who have not requested a FERPA block
  • Intercollegiate sports information (team rosters, schedules, etc)
  • Research publications not under embargo
  • Official university communications and public announcements

I have data that falls into one of these categories.

Your Results

Your data contains the following classifications. When planning, treat all of your data with the highest classification.

These results are only a guide. Although it covers many common cases, there may be situations and data that are not fully addressed by this tool. If you have questions about the appropriate classification level of your data, or about the security measures that should be applied to it, please contact the Division of IT at