Information Accessibility
Information Accessibility
Policy
________________________________________
Document Number: REDFLAG--109 Revision #: 1.0
Document Owner: Executive VP Date Last Updated: 08/17/2012
Primary Author: Executive VP Status: Approved
Date Originally Created: 12/15/2011
________________________________________
General Description
Description: Information about information accessibility relative to Red Flags Identity Theft Policy.
Purpose: Delineation of policy.
Scope: All faculty, staff, students, and administrators
Responsibility: Administration
Executive VP
VP of Business and Finance
________________________________________
Requirements
Relevant Knowledge: In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
Terms and Definitions: Additional training
Corrective Action
Loss of privilege, general
________________________________________
Policy Provisions
1. Information Accessibility
1.1 Hard Copy Accessibility
1. Entrances and Exits
• All facility entrances and exits that are determined not for public use will remain locked at all times, unless it violates fire code.
2. Mail Accessibility
• Mail must be kept in a secure area until requested by the postal carrier or received internally by the intended recipient who shows at least one photo identification to the mail handler.
3. Surveillance Equipment
• The University reserves the right to use cameras and other surveillance equipment to monitor public, operations, and restricted areas.
4. Employee Authorization
• Every employee will be thoroughly trained before being authorized to handle CSI.
• Employees shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities.
• A written procedure and checklist will be used by management to terminate access when an employee is terminated from service.
5. Service Provider Accessibility
• Service providers shall only handle CSI for a legitimate business purpose and that is a function of their job responsibilities as stated in their service provider agreements.
1.2 Soft Copy Accessibility
1. Technology System Audits
• The University will conduct periodic technology system audits to test the integrity of technology information systems no less than annually.
2. Logging on and off Computers
• Only authorized personnel may log onto University networks and equipment.
• All personnel are required to log off computers when not in use.
3. Passwords
• Employees shall use strong passwords containing a combination of numbers, letters, and characters. Passwords should be changed no less than once every (90) ninety days.
4. Personal Use of Technology Equipment
• Employees are permitted to browse the internet with company equipment only for company purposes.
• Employees are permitted to instant message using company equipment only for company purposes.
• Employees are permitted to check personal email on company equipment.
5. Remote Access
• Remote access to University networks must be approved using IT protocols and said access must be done with authorized resources.
________________________________________
Performance Evaluation
Performance Metrics: Compliance with standard policy and procedure
Compliance with federal mandate
Consequences: Further training
Loss of privileges
________________________________________
Subject Experts
The following may be consulted for additional information.
Executive VP
VP of Business and Finance