To Home Page To Home Page
General Description
Requirements
Policy Provisions
Performance Evaluation
Subject Experts
Information Accessibility
Policy

Document Number: REDFLAG--109 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 12/15/2011

General Description
Description:

Information about information accessibility relative to Red Flags Identity Theft Policy.


Purpose:

Delineation of policy.


Scope:

All faculty, staff, students, and administrators


Responsibility: Administration
Executive VP
VP of Business and Finance

Back to Top

Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions: Additional training

Corrective Action

Loss of privilege, general

Back to Top

Policy Provisions
1.

Information Accessibility


1.1

Hard Copy Accessibility


1. Entrances and Exits

· All facility entrances and exits that are determined not for public use will remain locked at all times, unless it violates fire code.

 

2. Mail Accessibility

· Mail must be kept in a secure area until requested by the postal carrier or received internally by the intended recipient who shows at least one photo identification to the mail handler.

 

3. Surveillance Equipment

· The University reserves the right to use cameras and other surveillance equipment to monitor public, operations, and restricted areas.

 

4. Employee Authorization

· Every employee will be thoroughly trained before being authorized to handle CSI.

· Employees shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities.

· A written procedure and checklist will be used by management to terminate access when an employee is terminated from service.

 

5. Service Provider Accessibility

· Service providers shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities as stated in their service provider agreements.

 


1.2

Soft Copy Accessibility


1. Technology System Audits

· The University will conduct periodic technology system audits to test the integrity of technology information systems no less than annually.

 

2. Logging on and off Computers

· Only authorized personnel may log onto University networks and equipment.

· All personnel are required to log off computers when not in use.

 

3. Passwords

· Employees shall use strong passwords containing a combination of numbers, letters, and characters. Passwords should be changed no less than once every (90) ninety days.

 

4. Personal Use of Technology Equipment

· Employees are permitted to browse the internet with company equipment only for company purposes.

· Employees are permitted to instant message using company equipment only for company purposes.

· Employees are permitted to check personal email on company equipment.

 

5. Remote Access

· Remote access to University networks must be approved using IT protocols and said access must be done with authorized resources.

 


Back to Top

Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training
Loss of privileges

Back to Top

Subject Experts
The following may be consulted for additional information.
Executive VP

VP of Business and Finance

Back to Top

This page created 10/30/2014 using Zavanta® version 6.0