Practices for the Information Security Policy
Your data are valuable. In order to manage data security risks, units and University community members must ensure that their electronic devices and other resources which store, transmit, or process University information meet the information security processes and standards contained in the Information Security Policy.
Identify the Security Level of Your Data
The University uses the following three-tier security system.
- Large amount of data
- Legally protected data
- Impact on critical functions
- Smaller amount of data
- Private and/or public data
- Lower impact on critical functions
- Smallest scope
- Public data
- Low/no impact on critical functions
Who Is Responsible?
If you are responsible for how your unit uses or stores data, or if you manage your own data storage or server equipment, you are responsible for ensuring your systems, processes, and practices comply with the Information Security Policy. Typical University roles include:
- Department/unit executive/head
- IT director or administrator
- Researcher who manages your own data storage/server
- Purchaser of new contracts or systems
- Employee or University Community Member
Questions? Contact us.