Data Confidentiality and Security Policy

Section 1: Information Systems
Approved by: Dr. Pamela J. Transue, 08/19/10
Last reviewed: Unknown
Last updated: 08/19/2010
Previous revisions: None
First adopted: 10/13/2008

Policy

Security and Confidentiality of Data

  • Sensitive information is not recommended for storage on mobile devices or portable media.  When alternative methods of access as described below are not practical or feasible, sensitive information stored on mobile devices or portable media must be protected by additional security in the form of encryption or other College-approved protection methods.  Employees who are unsure of how to best employ these technologies are required to consult with computer center staff to ensure a properly functioning installation.
  • Confidential information must not be stored on mobile devices or portable media.  This includes reports, documents, spreadsheets, email messages, email attachments, memoranda, and confidential information from any source.  On-campus access to this digitally stored information is provided through the college’s local area network.  Remote access to digitally stored confidential data is provided through the college’s VPN (Virtual Private Network) service.
  • Exceptional circumstances that require confidential information to be stored on a mobile device or portable media must be approved in writing in advance by an administrative level supervisor describing the data elements and the duration of the exception.  When confidential information is approved for use in this way, additional security in the form of encryption or other College-approved measures must be employed.  Employees are required to consult with computer center staff to ensure a properly functioning installation.  Data stored under these circumstances will be deleted at the approved expiration date.
  • E-mail messages are sent across the network unencrypted and are easily forwarded to off-campus addresses.  Email messages and attachments should not contain confidential information.  Shared network drives and other secure methods of sharing confidential information are available.  Please contact the computer center staff for help with these issues.
  • College-owned mobile devices may be equipped with location tracking and remote file deletion features.  These features are not routinely enabled.  However, if a device is determined to be lost or stolen, the College will turn on the location tracking features and may implement remote file deletion as part of the recovery process.

Physical Device Security

  • Mobile devices and portable media, when not in your physical possession, must be kept behind locked doors or other physically secure environments.  Leaving anything containing sensitive or confidential information in an automobile is not considered secure.
  • Mobile devices and portable media containing sensitive or confidential information are never to be loaned to others.

Purpose

To protect the integrity, confidentiality and security of information entrusted to the College by its employees, students and the community.

To Whom Does This Policy Apply

This policy applies to all users of the College’s information systems and services.

References

Board of Trustees Policy Manual

Definitions

Mobile devices - include mobile computers, personal digital assistants (PDAs), smart phones, and other mobile devices capable of transmitting, viewing or storing data.

Portable media - includes USB flash drives, memory sticks, CD ROM disks, printed documents, floppy diskettes and any other portable storage media.

Data Classifications

  • Normal - The least restrictive class of data. Although it must be protected from unauthorized disclosure and/or modification, it is often public information or generally releasable under college procedures for processing public records requests. Examples include class schedules, course catalogs, general ledger data, information commonly published in directories, and employee demographic statistics.
  • Sensitive - This class includes data which is required by law to enjoy specific protections or for which agencies are obligated to prevent identity theft or similar crimes or abuses. Examples include people’s names in combination with any of the following: driver’s license numbers, birth date, employee identification number, student identification number, and education records including papers, grades, and test results.
  • Confidential - These data elements are passwords in the traditional sense or items that function in the role of an access control such as credit card numbers, expiration dates, PINs, or credit card security codes.  Confidential information includes, but is not limited to, Social Security numbers, personal financial information, credit card information, medical data, law enforcement records, agency security data, financial identifiers, business records, or information about receipt of governmental services.

Procedure

Incumbent employees were educated regarding the importance of this issue in the fall of 2008 and asked to sign a copy of the agreement.  The agreement is included in all new employee orientations.