|
|
General Description
|
|
Description:
|
Information about information accessibility relative to Red Flags Identity Theft Policy.
|
|
Purpose:
|
|
|
Scope:
|
All faculty, staff, students, and administrators
|
|
Responsibility:
|
Administration
Executive VP
VP of Business and Finance
|
 |
|
|
Requirements
|
|
Relevant Knowledge:
|
In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
|
|
Terms and Definitions:
|
Additional training
Corrective Action
Loss of privilege, general
|
|
|
|
|
Policy Provisions
|
1.
|
Information Accessibility
|
|
1.1
|
|
|
| · |
All facility entrances and exits that are determined not for public use will remain locked at all times, unless it violates fire code. |
| · |
Mail must be kept in a secure area until requested by the postal carrier or received internally by the intended recipient who shows at least one photo identification to the mail handler. |
| 3. |
Surveillance Equipment |
| · |
The University reserves the right to use cameras and other surveillance equipment to monitor public, operations, and restricted areas. |
| 4. |
Employee Authorization |
| · |
Every employee will be thoroughly trained before being authorized to handle CSI. |
| · |
Employees shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities. |
| · |
A written procedure and checklist will be used by management to terminate access when an employee is terminated from service. |
| 5. |
Service Provider Accessibility |
| · |
Service providers shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities as stated in their service provider agreements. |
|
1.2
|
|
|
| 1. |
Technology System Audits |
| · |
The University will conduct periodic technology system audits to test the integrity of technology information systems no less than annually. |
| 2. |
Logging on and off Computers |
| · |
Only authorized personnel may log onto University networks and equipment. |
| · |
All personnel are required to log off computers when not in use. |
| · |
Employees shall use strong passwords containing a combination of numbers, letters, and characters. Passwords should be changed no less than once every (90) ninety days. |
| 4. |
Personal Use of Technology Equipment |
| · |
Employees are permitted to browse the internet with company equipment only for company purposes. |
| · |
Employees are permitted to instant message using company equipment only for company purposes. |
| · |
Employees are permitted to check personal email on company equipment. |
| · |
Remote access to University networks must be approved using IT protocols and said access must be done with authorized resources. |
|
|
|
|
|
|
|
|
Performance Evaluation
|
|
Performance Metrics:
|
Compliance with standard policy and procedure
Compliance with federal mandate
|
|
|
|
|
Consequences:
|
Further training
Loss of privileges
|
|
|
|
|
Subject Experts
|
|
The following may be consulted for additional information.
|
|
|
Executive VP
VP of Business and Finance
|
|
|
|
To Home Page