To Home Page To Home Page
General Description
Requirements
Policy Provisions
Performance Evaluation
Subject Experts
PG--Information Storage
Policy
Document Number: REDFLAG--106 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 12/14/2011
General Description
Description:

Information about storage of information relative to the Red Flags Identity Theft Policy.
Purpose:

Delineation of policy.
Scope:

All faculty, staff, students, and administrators
Responsibility: Administration
 Executive VP
 VP of Business and Finance
Back to Top
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
 Federal statutes
 Local statutes
 Standard company policies
 Standards of good practice
 State statutes
Terms and Definitions: Additional training
Corrective Action
Back to Top
Policy Provisions
1.

Information Storage

Storing Confidential and Sensitive Information is a normal function of conducting business at the University. Employees shall only store CSI for legitimate business needs and those needs related to their individual job responsibilities.

 


1.1

Hard Copy Storage
1.1.1

On-site storage

On-site storage refers directly to CSI stored within any University facility.

 

1. Employees Personal Belongings

The University will provide all personnel with a secure place to store personal belongings. Employees are responsible for keeping personal items secure during work hours.

 

2. CSI Stored in a Workspace

Confidential and Sensitive Information stored in an office, cubicle, reception area, cash register, or other workspace must be kept in locked desks, cabinets, closets, or lockers when not in use.

 

3. File Rooms and Storage Rooms

File and storage room doors must be closed and locked when unattended by authorized personnel.

 

4. Records Storage

Company, customer, transaction, and service provider records will only be stored when there is a legitimate business need. Any records in storage beyond the legal statute of limitations will be appropriately disposed of by designated employees.

 


1.1.2

Off-site storage

Off-site storage refers to any place CSI is stored outside of designated University facilities.

 

1. Approved Storage Facilities

CSI may only be stored in facilities authorized by University Administration.

 

2. Storage Service Providers

All storage service providers must comply with the service provider oversight policies in this Identity Theft Prevention Policy.

 
1.2

Soft Copy Storage

Company representatives shall only store CSI on University authorized computers, telecommunications, or other electronic devices. A list of approved equipment will be maintained by the company’s Identity Theft Prevention Officer or Information Technology Professional.

 

1. Encryption

All CSI stored on portable electronic devices or electronically transmitted must be encrypted.

 

2. Portable Electronic Devices

Portable electronic devices must be secured when not in use. The physical security of these devices is the responsibility of the authorized user. These include laptop computers, cell phones (specifically smart phones), jump drives, thumb drives, external hard drives, etc.

 
Back to Top
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
 Compliance with federal mandate
Consequences: Further training
Back to Top
Subject Experts
The following may be consulted for additional information.
Executive VP
VP of Business and Finance
Back to Top
This page created 10/30/2012 using Zavanta® version 5.0