PG--Information Storage
Policy

Document Number: REDFLAG--106
Revision #: 1.0
Document Owner: Executive VP
Date Last Updated: 08/17/2012
Primary Author: Executive VP
Status: Approved
Date Originally Created: 12/14/2011

General Description
Description:

Information about the storage of information relating to the Red Flags Identity Theft Policy.


Purpose:

Delineation of policy.


Scope:

All faculty, staff, students, and administrators


Responsibility: Administration
Executive VP
VP of Business and Finance


Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions: Additional training

Corrective Action


Policy Provisions
1. Information Storage


Storing Confidential and Sensitive Information is a normal function of conducting business at the University. Employees shall only store CSI for legitimate business needs and those needs related to their individual job responsibilities.

 


1.1 Hard Copy Storage


1.1.1 On-site storage


On-site storage refers directly to CSI stored within any University facility.

 

1. Employees' Personal Belongings

The University will provide all personnel with a secure place to store personal belongings. Employees are responsible for keeping personal items secure during work hours.

 

2. CSI Stored in a Workspace

Confidential and Sensitive Information stored in an office, cubicle, reception area, cash register, or other workspace must be kept in locked desks, cabinets, closets, or lockers when not in use.

 

3. File Rooms and Storage Rooms

File and storage room doors must be closed and locked when unattended by authorized personnel.

 

4. Records Storage

Company, customer, transaction, and service provider records will only be stored when there is a legitimate business need. Any records in storage beyond the legal statute of limitations will be appropriately disposed of by designated employees.

 


1.1.2 Off-site storage


Off-site storage refers to any place CSI is stored outside of designated University facilities.

 

1. Approved Storage Facilities

CSI may only be stored in facilities authorized by University Administration.

 

2. Storage Service Providers

All storage service providers must comply with the service provider oversight policies in this Identity Theft Prevention Policy.

 


1.2 Soft Copy Storage


Company representatives shall only store CSI on University authorized computers, telecommunications, or other electronic devices. A list of approved equipment will be maintained by the company’s Identity Theft Prevention Officer or Information Technology Professional.

 

1. Encryption

All CSI stored on portable electronic devices or electronically transmitted must be encrypted.

 

2. Portable Electronic Devices

Portable electronic devices must be secured when not in use. The physical security of these devices is the responsibility of the authorized user. These include laptop computers, cell phones (specifically smart phones), jump drives, thumb drives, external hard drives, etc.

 



Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training


Subject Experts
The following may be consulted for additional information.
Executive VP

VP of Business and Finance


This page created 10/30/2014 using Zavanta® version 6.0