Security Tip of the Week
Information Technology Policy Updates
Changes were recently made to two of the University's IT policies.
Information Technology Policy
The Information Technology Policy, which is located at http://www.rochester.edu/it/policy was updated to clarify the Access and Use of Legally Restricted Information. Please feel free to review the entire policy, or the specific Access and Use section now reads:
Access and Use: Legally Restricted Information must be stored, used and disclosed to others only on a need to know basis to permit the individual faculty or staff member to perform their University functions for which the information was acquired and for which it is maintained. Access to legally restricted information must be carefully safe-guarded.
Protection of Legally Restricted Information from disclosure to or unauthorized access by anyone who does not have a legitimate need to access the information to comply with requirements of the law or to carry on necessary University functions is a primary responsibility of the Custodian.
Alternatives to using Legally Restricted Information should be identified and used whenever possible.
Disclosure of Legally Restricted Information to a third party agent or vendor is permitted only if the agent or vendor assumes a legally binding obligation to safe-guard the use and disclosure of the information. The electronic exchange of Legally Restricted Information outside of the Univeristy of Rochester must have proper approval. In addition,
- the appropriate Information Security Office must be consulted to ensure appropriate security controls are employed (See contact list within the policy).
- Corporate Purchasing must be consulted to ensure appropriate contract language is incorporated into any agreement
Contact the Office of Counsel for appropriate contractual language.
Policy on Acquisition and Disposal of Multifunctional Devices, Copiers and Similar Devices
This policy had several changes made to reflect the arrangement that is now in place with a new print vendor. The updated policy is located at http://www.rochester.edu/it/policy/assets/pdf/mdc.policy.pdf
Do you have ideas that should be shared as security tips of the week? If so, please send them to UnivIT_SP@ur.rochester.edu.