Applies to: (examples; Faculty,Staff, Students, etc)
Faculty , Staff , Students , Contractors_Vendors
Faculty , Staff , Students , Contractors_Vendors
The University recognizes that in certain instances it must collect, store and use Sensitive Information relating to its students, employees, and individuals associated with the University as well as certain types of research data. The University is dedicated to collecting, handling, storing and using Sensitive Information properly and securely.
University Roles Affected by Policy
Any member of the University community, including all faculty, staff, and students, who have access to University records that contain Sensitive Information covered by this Policy must comply with this Policy.
Applies to all active members of the University community, including faculty, students, staff, and affiliates, and to authorized visitors, guests, and others for whom University technology resources and network access are made available by the University. This policy also applies to campus visitors who avail themselves of the University’s temporary visitor wireless network access, and to those who register their computers and other devices through Conference and Event Services programs or through other offices, for use of the campus network.
Term |
Definition |
Breach of Security |
The unauthorized acquisition or use of Sensitive Information that creates a substantial risk of identity theft or other harm. This definition includes the unauthorized acquisition or use of encrypted electronic Sensitive Information where the confidential process or key has been compromised. |
Chief Information Security Officer (CISO) |
The Information Technology employee designated to serve as the primary person responsible for management of information security. |
Electronic |
Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities. |
Employee |
Includes all University faculty, staff and students, volunteers,
|
Encryption |
Transformation of data through the use of an algorithmic process, or an alternative method at least as secure, into a form in which meaning cannot be assigned without the use of a confidential process or key. |
Information Security Team |
Members of the IT department that have been designated to handle security-related questions and issues pertaining to the University. The CISO (“Chief Information Officer”) is a member of this team. |
Incident Response Team |
(“IRT”) Means the Chief Information Security Officer, the Vice President, Operations, the General Counsel and Chief Compliance Officer, and such other individuals as the IRT may appoint to assist with a Security Incident or Breach. |
Record |
Any material upon which written, drawn, spoken, visual or electromagnetic information or images are recorded or preserved, regardless of physical form or characteristics that contain Sensitive Information. The term Record includes both paper and electronic material. |
Sensitive Information |
Information that is designated as Restricted Use, Confidential or Internal Data under the Data Protection Standards. |
Users |
Anyone that uses our technology services. |
The University is committed to collecting, handling, storing and using Sensitive Information properly and securely. This Policy establishes an Information Security Program to create administrative, technical and physical safeguards for the protection of Sensitive Information throughout the University. The purpose of this Program is to comply with applicable laws and to:
Position/Office/Department |
Responsibility |
The University’s Chief Information Security Officer (CISO) |
The University’s Chief Information Security Officer is responsible for the administration of this Policy and the Information Security Program across departments and units that maintain Records in any format. The University’s CISO shall oversee, with the assistance of the Enterprise Risk Management Committee the administration of this Policy, including developing procedures concerning the review, oversight, and governance of this Policy, and including any necessary training. University Employees may request, collect, store or use Sensitive Information only as permitted by this Policy, the Data Protection Standards and practices required by his or her unit or department. Every member of the University community should strive to minimize the collection, handling, storage and use of Sensitive Data. Only those who have a legitimate business need to access Sensitive Data should do so, and for as limited as time as possible. Minimize or eliminate the collection, handling, storage and use of Sensitive Data whenever and wherever possible. |
Data Protection Standards policies
Digital Millennium Copyright Act Policy
Name |
Contact Information |
Lewis, Zachary, AVP IT |
Zachary.Lewis@uhsp.edu, 314-446-8402 |
Knoll, Eric, Vice President Operations |
Eric.Knoll@uhsp.edu, 314-446-8375 |