Standard and Process
Data (including databases) must be stored to comply with regulations or contractual agreements related to data storage and to maintain the confidentiality, integrity and availability of the data.
Storing or transferring University private data to a vendor or non-University internet site/system requires an approved University contract.
Any incidental and unintended storage of files in browser or other cache files on personally owned computers and media; or email/email attachments must be deleted as soon as possible.
Staff and faculty traveling internationally must not transport export-restricted data or software outside of the U.S. The Office of the General Counsel and the Office of International Programs can provide guidance. University private data should be removed from laptops, devices or media before travelling. Store the minimum data necessary for the trip. All other files should be securely deleted (old email, old files, etc). A departmental travel or rental computer should be used. For current international travel requirements, see the official US travel site.
IT staff are responsible for working with users and data owners to develop data storage options for University data.
Users and data owners are responsible for working with IT staff to understand and follow the data storage requirements for the data they store. Data owners are responsible for publically available information.
- This standard is based on the principles of ISO/IEC 27002:2005.
- Official US Travel site
Document Owner: University Information Security
Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect
Effective Date: August 2010
Last Reviewed Date: November 2014