/Institutions/Cumberland-University/json/2018-2019/University-Policy-local.json

/Institutions/Cumberland-University/json/2018-2019/University-Policy.json

Policy > Red Flags > Information Accessibility

Information Accessibility

Information Accessibility
Policy

________________________________________
Document Number: REDFLAG--109 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 12/15/2011
________________________________________
General Description
Description: Information about information accessibility relative to Red Flags Identity Theft Policy.

Purpose: Delineation of policy.

Scope: All faculty, staff, students, and administrators

Responsibility: Administration
Executive VP
VP of Business and Finance
________________________________________
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
Terms and Definitions: Additional training

Corrective Action

Loss of privilege, general
________________________________________
Policy Provisions
1. Information Accessibility

1.1 Hard Copy Accessibility

1. Entrances and Exits
• All facility entrances and exits that are determined not for public use will remain locked at all times, unless it violates fire code.

2. Mail Accessibility
• Mail must be kept in a secure area until requested by the postal carrier or received internally by the intended recipient who shows at least one photo identification to the mail handler.

3. Surveillance Equipment
• The University reserves the right to use cameras and other surveillance equipment to monitor public, operations, and restricted areas.

4. Employee Authorization
• Every employee will be thoroughly trained before being authorized to handle CSI.
• Employees shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities.
• A written procedure and checklist will be used by management to terminate access when an employee is terminated from service.

5. Service Provider Accessibility
• Service providers shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities as stated in their service provider agreements.


1.2 Soft Copy Accessibility

1. Technology System Audits
• The University will conduct periodic technology system audits to test the integrity of technology information systems no less than annually.

2. Logging on and off Computers
• Only authorized personnel may log onto University networks and equipment.
• All personnel are required to log off computers when not in use.

3. Passwords
• Employees shall use strong passwords containing a combination of numbers, letters, and characters. Passwords should be changed no less than once every (90) ninety days.

4. Personal Use of Technology Equipment
• Employees are permitted to browse the internet with company equipment only for company purposes.
• Employees are permitted to instant message using company equipment only for company purposes.
• Employees are permitted to check personal email on company equipment.

5. Remote Access
• Remote access to University networks must be approved using IT protocols and said access must be done with authorized resources.





________________________________________
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate

Consequences: Further training
Loss of privileges
________________________________________
Subject Experts
The following may be consulted for additional information.
Executive VP

VP of Business and Finance