Data Protection Standards

The standards for data protection include the six documents below. They were created with the input and approval of the Information Security and Business Continuity Governance Committee and are intended to help the University more easily meet the legal, regulatory and best practice requirements that apply to our environment.

  • Data Classification Guide: Defines and describes the categories under which University Data can be classified: Public, Internal, Confidential, Restricted Use.
  • Data Management Guide: Defines the roles for managing data—Data Trustee, Departmental Security Administrators, Data Custodian—and the responsibilities of each. Also provides a list of types of data and the offices that act as trustees or owners of that data.
  • Access Management and Authentication Requirements: Defines how access to systems and applications is to be managed. Includes standards for the use, configuration, and care of passwords, two-factor authentication, single sign-on and shared accounts.
  • Data Protection Requirements: Defines the requirements for protecting information based on the classification of the information. Standards are provided for the collection, storage, access, transmission, and destruction of the information as well as for auditing and incident handling functions.
  • Minimum Security Standards: Provides standards of security for electronic devices. Computers, laptops, tablets, iPads, smartphones, cloud services, etc. may all be used to store and access information. The level of security required of these devices is based on the level of sensitivity of the information that they may be used to access.
  • Education, Compliance and Remediation: Defines responsibilities for education, compliance and remediation activities that may be required by the data protection standards and provides the authority to conduct such activities.