To Home Page To Home Page
General Description
Requirements
Policy Provisions
Performance Evaluation
Subject Experts
Information Accessibility
Policy

Document Number: REDFLAG--109 Revision #: 1.0
Document Owner: Date Last Updated: 11/03/2015
Primary Author: Status: Approved
Date Originally Created: 12/15/2011

General Description
Description:

Information about information accessibility relative to Red Flags Identity Theft Policy.


Purpose:

Delineation of policy.


Scope:

All faculty, staff, students, and administrators


Responsibility: Administration
VP of Business and Finance

Back to Top

Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions: Additional training

Corrective Action

Loss of privilege, general

Back to Top

Policy Provisions
1.

Information Accessibility


1.1

Hard Copy Accessibility


1. Entrances and Exits

· All facility entrances and exits that are determined not for public use will remain locked at all times, unless it violates fire code.

 

2. Mail Accessibility

· Mail must be kept in a secure area until requested by the postal carrier or received internally by the intended recipient who shows at least one photo identification to the mail handler.

 

3. Surveillance Equipment

· The University reserves the right to use cameras and other surveillance equipment to monitor public, operations, and restricted areas.

 

4. Employee Authorization

· Every employee will be thoroughly trained before being authorized to handle CSI.

· Employees shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities.

· A written procedure and checklist will be used by management to terminate access when an employee is terminated from service.

 

5. Service Provider Accessibility

· Service providers shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities as stated in their service provider agreements.

 


1.2

Soft Copy Accessibility


1. Technology System Audits

· The University will conduct periodic technology system audits to test the integrity of technology information systems no less than annually.

 

2. Logging on and off Computers

· Only authorized personnel may log onto University networks and equipment.

· All personnel are required to log off computers when not in use.

 

3. Passwords

· Employees shall use strong passwords containing a combination of numbers, letters, and characters. Passwords should be changed no less than once every (90) ninety days.

 

4. Personal Use of Technology Equipment

· Employees are permitted to browse the internet with company equipment only for company purposes.

· Employees are permitted to instant message using company equipment only for company purposes.

· Employees are permitted to check personal email on company equipment.

 

5. Remote Access

· Remote access to University networks must be approved using IT protocols and said access must be done with authorized resources.

 


Back to Top

Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training
Loss of privileges

Back to Top

Subject Experts
The following may be consulted for additional information.

VP of Business and Finance

Back to Top

This page created 01/20/2016 using Zavanta® version 7.3