Data Security Policy

Purpose

To provide 6VµçÓ°Íø with guidance in developing and implementing the appropriate protective safeguards to ensure the confidentiality, integrity, and availability of 6VµçÓ°Íø assets and information.

Policy

6VµçÓ°Íø’s information, data, and records are managed in a manner consistent with 6VµçÓ°Íø’s risk strategy to protect the confidentiality, integrity, and availability of the assets. Data security controls are submitted to 6VµçÓ°Íø senior leadership for review and approval, and include a cost-benefit analysis to inform the executive staff in their risk strategy decisions.

Summary

  • Data security controls are submitted to 6VµçÓ°Íø senior leadership for review and approval
  • Data security controls will include a cost-benefit analysis to inform the executive staff in their risk strategy decisions
  • 6VµçÓ°Íø employs cryptographic controls in accordance with applicable Federal and State laws, regulations and standards
  • 6VµçÓ°Íø system that requires protection includes but is not limited to configuration settings, intrusion detection and prevention, various logs and password databases
  • 6VµçÓ°Íø protects the confidentiality and integrity of sensitive data by using cryptographic mechanisms
  • 6VµçÓ°Íø applies full disk encryption to all 6VµçÓ°Íø-owned laptops, mobile devices and desktop workstations
  • Backups are encrypted (at rest)
  • 6VµçÓ°Íø recommends that students enable full disk encryption on their personal devices
  • All transportable media is also encrypted
  • Papers containing confidential information must not be left out in public view and must be properly destroyed when no longer needed
  • 6VµçÓ°Íø hardware and software assets are documented, tracked, and managed through inventory management
  • Faculty and staff status is tracked and managed by Human Resources and the Dean of the College
  • Student documentation is managed by Admissions, Registrar’s Office, the Dean of Students and the Advancement Office depending upon student status
  • Prior to disposal, sanitization techniques are applied to media
  • 6VµçÓ°Íø ensures that there is adequate capacity to provide availability of its systems
  • 6VµçÓ°Íø employs reasonable and appropriate methods for data loss prevention

Data Security Policy Details [pdf]