Data awareness/management of institutional data

About this policy

Policy contact:

Mark Napier

Date of last update:

June 1, 2023

Procedures

  • Data privacy and security info graphic card (PDF) is distributed to all current and new faculty and staff. This card is reviewed annually and revised as needed.
  • IU IT Policy IT-07, Privacy of Electronic Information and Information Technology Resources will be posted at Service Desk locations
  • Incident Response Policy text will be posted in Luddy-occupied buildings
  • Privacy newsletter published to Luddy email distribution list quarterly
  • All Luddy ITG members will use the CAS+Duo authentication option for CAS-protected resources
  • All Luddy ITG members will review university and Luddy IT policies at least annually
  • Anti-Phishing training will be conducted annually and for new hires
  • Critical Data is stored only on approved devices and transferred across the network only with strong encryption
    • Windows Desktop machines have Desktop and Documents folders re-directed to Apollo (Luddy critical-data-approved file server in data center) to preempt user error (storing critical data on local desktop file system)
  • All Luddy laptops are set up with full disk encryption before being released to end users
  • Backups of central file servers are sent to UITS backup services with encryption.
  • Approval to access critical and restricted data will be documented per IT Policy: Problem Resolution and Service Desk including appropriate approvals.