Data Security Policy

Purpose

To provide É«ÖÐÉ« with guidance in developing and implementing the appropriate protective safeguards to ensure the confidentiality, integrity, and availability of É«ÖÐÉ« assets and information.

Policy

É«ÖÐɫ’s information, data, and records are managed in a manner consistent with É«ÖÐɫ’s risk strategy to protect the confidentiality, integrity, and availability of the assets. Data security controls are submitted to É«ÖÐÉ« senior leadership for review and approval, and include a cost-benefit analysis to inform the executive staff in their risk strategy decisions.

Summary

  • Data security controls are submitted to É«ÖÐÉ« senior leadership for review and approval
  • Data security controls will include a cost-benefit analysis to inform the executive staff in their risk strategy decisions
  • É«ÖÐÉ« employs cryptographic controls in accordance with applicable Federal and State laws, regulations and standards
  • É«ÖÐÉ« system that requires protection includes but is not limited to configuration settings, intrusion detection and prevention, various logs and password databases
  • É«ÖÐÉ« protects the confidentiality and integrity of sensitive data by using cryptographic mechanisms
  • É«ÖÐÉ« applies full disk encryption to all É«ÖÐÉ«-owned laptops, mobile devices and desktop workstations
  • Backups are encrypted (at rest)
  • É«ÖÐÉ« recommends that students enable full disk encryption on their personal devices
  • All transportable media is also encrypted
  • Papers containing confidential information must not be left out in public view and must be properly destroyed when no longer needed
  • É«ÖÐÉ« hardware and software assets are documented, tracked, and managed through inventory management
  • Faculty and staff status is tracked and managed by Human Resources and the Dean of the College
  • Student documentation is managed by Admissions, Registrar’s Office, the Dean of Students and the Advancement Office depending upon student status
  • Prior to disposal, sanitization techniques are applied to media
  • É«ÖÐÉ« ensures that there is adequate capacity to provide availability of its systems
  • É«ÖÐÉ« employs reasonable and appropriate methods for data loss prevention

Data Security Policy Details [pdf]