Login   |   Secure Purdue > Best Practices

Information Classification for Purchasing

Information Owner: Director of Purchasing & Sponsored Programs Administration

Office Responsible for system: Purchasing

Data Steward: Kay Parker

Date: August 2002

Purchasing Related Information:

Purchasing maintains information related to Procurement of goods and services and its companion functions (receiving, inventory, distribution, payments and reporting).

Purchasing data resides in the new Ariba application, the legacy mainframe applications and in a departmental database.

Purchasing information includes but is not limited to description of item, serial #, inventory #, vendor name, address, buyer code, SPSC code, account #, ship to information.

Most Purchasing information is sensitive, however certain data is considered restricted.

Information NameDescriptionClassifications
PublicSensitiveRestricted
Vendor Demographic Data Name, address, codes for Minority, Small Business Info   X X
Ghosted PCard # and Dept PCard #
Vendor Product Data (catalogs) Product, Services and Pricing   X  
RFP, Bids Information about Requests for Proposal, Bids, and results of the Bids X
Results of bid
X
Information gathering stage
X
Pricing info submitted to supplier
Commodity Code Code number, description and mapping of the SPSC code to object code X    
User Profile Information about the user (name, role, permissions, .) Except SSN used for initial validation   X X
SSN
Purchase Order Data Supplier name, commodity code, buyer code, description of item, quantity, unit price, total, shipping information (ship-to address and name of staff member to ship to), etc.   X X
Dept Card #
Purchasing Card #'s and Ghosted P Card #'s The Pcard number is associated with the accounting data in Ariba, but it's also tied to the Purchase order (especially when orders are sent out to the suppliers via fax and email, the credit card number is on the order).     X
Receipt Info Product accepted or rejected.   X