Practices for the Information Security Policy
Your data are valuable. In order to manage data security risks, units and University community members must ensure that their electronic devices and other resources which store, transmit, or process University information meet the information security processes and standards contained in the Information Security Policy.
Identify the Security Level of Your Data
The University uses the following three-tier security system.
High
- Large amount of data
- Legally protected data
- Impact on critical functions
Medium
- Smaller amount of data
- Private and/or public data
- Lower impact on critical functions
Low
- Smallest scope
- Public data
- Low/no impact on critical functions
Begin by identifying your security level. Then use the resources linked below to comply with the Information Security Policy. If you have questions, contact University Information Security.
Comply with the Information Security Policy
Please note: A gap analysis is not the same as an Information Security Risk Assessment. Learn more about Risk Assessments.
Who Is Responsible?
If you are responsible for how your unit uses or stores data, or if you manage your own data storage or server equipment, you are responsible for ensuring your systems, processes, and practices comply with the Information Security Policy. Typical University roles include:
- Department/unit executive/head
- IT director or administrator
- Researcher who manages your own data storage/server
- Purchaser of new contracts or systems
- Employee or University Community Member
Questions? Contact us.