Policy

Information Accessibility

________________________________________
Document Number: REDFLAG--109
Revision #: 2.0
Document Owner: VP of Business and Finance
Date Last Updated: 04/25/2018
Primary Author: VP of Business and Finance
Status: Approved
Date Originally Created: 12/15/2011
________________________________________
General Description

Description:
Information about information accessibility relative to Red Flags Identity Theft Policy.

Purpose:
Delineation of policy.

Scope:
All faculty, staff, students, and administrators

Responsibility:
Administration
VP of Business and Finance
________________________________________
Requirements

Relevant Knowledge:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes

Terms and Definitions:
Additional training
Corrective Action
Loss of privilege, general
________________________________________
Policy Provisions

1. Information Accessibility

1.1 Hard Copy Accessibility

1. Entrances and Exits
•All facility entrances and exits that are determined not for public use will remain locked at all times, unless it violates fire code.

2. Mail Accessibility
•Mail must be kept in a secure area until requested by the postal carrier or received internally by the intended recipient who shows at least one photo identification to the mail handler.

3. Surveillance Equipment
•The University reserves the right to use cameras and other surveillance equipment to monitor public, operations, and restricted areas.

4. Employee Authorization
•Every employee will be thoroughly trained before being authorized to handle CSI.
•Employees shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities.
•A written procedure and checklist will be used by management to terminate access when an employee is terminated from service.

5. Service Provider Accessibility
•Service providers shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities as stated in their service provider agreements.


1.2 Soft Copy Accessibility

1. Technology System Audits
•The University will conduct periodic technology system audits to test the integrity of technology information systems no less than annually.

2. Logging on and off Computers
•Only authorized personnel may log onto University networks and equipment.
•All personnel are required to log off computers when not in use.

3. Passwords
•Employees shall use strong passwords containing a combination of numbers, letters, and characters. Passwords should be changed no less than once every (90) ninety days.

4. Personal Use of Technology Equipment
•Employees are permitted to browse the internet with company equipment only for company purposes.
•Employees are permitted to instant message using company equipment only for company purposes.
•Employees are permitted to check personal email on company equipment.

5. Remote Access
•Remote access to University networks must be approved using IT protocols and said access must be done with authorized resources.





________________________________________
Performance Evaluation

Performance Metrics:
Compliance with standard policy and procedure
Compliance with federal mandate

Consequences:
Further training
Loss of privileges
________________________________________
Subject Experts

The following may be consulted for additional information.

VP of Business and Finance