cPanel, Risk Level Assessment

If the information on your website is sensitive, cPanel may not be an appropriate solution for that site. Use the guidance in this page to help determine whether cPanel is appropriate for your website's needs.

The cPanel service as a whole responds to the risk level assessment in the following ways. If your answers to the risk level assessment for your own site are of higher criticality than the service's responses, cPanel is not an appropriate service for hosting your website. This is just one means of evaluation. There are other factors to consider when deciding on appropriate hosting for your website. Feel free to contact the Web Hosting Team at https://go.illinois.edu/cpanelhelp to discuss your individual web site needs.

Data Classification

Public or Internal

  • Internal - Non-Classified, unpublished research data, Intellectual Property with no legal compliance requirements, "Competitive Advantage" information
  • Public - Web site with no personal information of any kind stored

cPanel is appropriate for public and internal data.

Sensitive

  • Sensitive - Student data including directory information, FERPA data, data covered by a Non-Disclosure Agreement (NDA)

If your website includes sensitive data, you should evaluate carefully for yourself whether cPanel is appropriate for your site.

High Risk

  • High Risk - Credit Card Data, Personal Health Data, Personal Financial Data, Passwords, ITAR/EAR (Export Control), Social Security Numbers, HR Information

If your website includes high risk data, it is not appropriate for the cPanel service.

Risk Assessment Questions

What is the SCOPE of the system or service in question?

Scopes 1 - 4: OK

  1. = Workgroup or Individual
  2. = Department
  3. = College or School
  4. = University/Campus-wide

All responses to this question are appropriate for the cPanel Webhosting Service

How many RECORDS are involved with this system or service?

It depends

  1. = less than 10,000
  2. = greater than 10,000
  3. = greater than 100,000
  4. = greater than 1,000,000

This question is unclear in the context of websites. Most websites do not need to be concerned with the response to this question. You may wish to explore this risk factor more if you are hosting an application that deals with records.

 On a scale of 1 to 4, select a value (where 4 is MOST critical), that represents the criticality that this system or service be AVAILABLE at all times in order for your unit to pursue its central mission. 

Options 1, 2 or 3: OK

  1. = No impact to primary mission
  2. = Some impact but we can do other things until it is available again
  3. = Significant damage to our ability to work

If you chose one of these answers, the cPanel Web Hosting service can be appropriate for you.

Option 4: No

  1. = Vital that system or service never be unavailable

If you answered 4 to this question, do not choose the cPanel Web Hosting Service to host your website

On a scale of 1 to 4, select a value (where 4 is MOST critical), that represents the criticality that this data on this system or service be reliable at all times in order for your unit to pursue its central mission. 

Options 1 or 2: OK

  1. = No impact to primary mission
  2. = Some impact but we can do other things until the data is repaired

If you chose one of these answers, the cPanel Web Hosting service can be appropriate for you.

Options 3 or 4: No

  1. = Significant damage to ability to work
  2. = Vital that data maintain integrity

If you answered 3 or 4 to this question, do not choose the cPanel Web Hosting Service to host your website

If your physical facility were unavailable because of a natural disaster, and your entire work environment needed to be re-created in an alternate work location, select a value that represents the place in the order in which this system or service would be restored. 

Option 1: OK

  1. = It can wait until the primary facility is restored

If you chose this answer, the cPanel Web Hosting service can be appropriate for you.

Options 2, 3, or 4: No

  1. = Needed in the alternate location after other systems are restored
  2. = Not necessarily first, but fairly early in the recovery
  3. = Critical–it should be one of the first systems restored

If you answered 2, 3, or 4, do not choose the cPanel Web Hosting Service to host your website.



Keywords:
cPanel, web hosting, data sensitivity, FERPA, HIPAA risklevel 
Doc ID:
94376
Owned by:
Web H. in University of Illinois Technology Services
Created:
2019-09-10
Updated:
2022-01-10
Sites:
University of Illinois Technology Services