Departmental Information Security Action Plan
Confidential information is defined as that information which is not releasable
to the public under state or federal law, and which could reasonably be used to
perpetrate identity theft, constitute a serious and unwarranted invasion of
personal privacy, compromise the physical security of university employees or
property, or compromise the University’s computer systems.
All academic and administrative offices within the University have the primary
responsibility and authority to ensure their respective departments comply with
University requirements for privacy and security of specific types of
confidential information (e.g., student educational records, personnel records,
health records, and financial transaction data). These units are responsible for
general security issues (e.g., legal issues, security compliance, physical
security and communications) as well as for completing risk assessments and
assisting in the development of University IT security policies, standards and
best practices in the areas of their responsibility.
UIS requests that each department engage in the necessary efforts to secure its
data from improper disclosure. Specifically, each department is charged to
complete the following Action Plan:
1. Complete an audit of confidential information electronically stored in their respective areas. For each file or database which meets the confidential criteria, complete and submit the Confidential Information-Data Audit Report request. A help desk ticket will be generated and forwarded to UIS for the purpose of identifying it for secure storage. When feasible, remove or redact confidential information.
2. Review the UIS audit report for additional identification of confidential data residing on departmental machines. When feasible, remove or redact confidential information.
3. Move all existing confidential documents to the assigned centralized Confidential Document Storage space specified by UIS, which requires network authentication for access. Store all newly created electronic files containing confidential information on this Confidential Document Storage space. For more information on centralized Confidential Document Storage, review this PowerPoint presentation.
4. Once a file containing confidential information has been successfully moved to the secure storage space, delete it from local storage and then empty the recycle bin.
5. For any confidential file or data that is transmitted offsite, complete and submit the Confidential Information-Data Transmission Report. This report allows for the establishment of a dedicated station where files can be transmitted securely using the latest security protocols.
6. Develop procedures and guidelines for your area to implement an ongoing process for continued information security which includes periodic security reviews referencing this action plan.
