A great deal of important and sensitive data now resides on computers throughout the University. This has fostered a substantial number of Web-based services and local uses of information. Unfortunately, it also had made those sensitive data vulnerable to compromise that is, to unauthorized access and/or manipulation.
The risk of compromise is serious and increasing. In general,individuals and departments should avoid keeping sensitive data on local servers or workstations. Rather, it is best to rely on data that are stored in centrally-managed systems, or to store sensitive data in centrally-managed, secure files.
Sometimes storing data on local servers or workstations is unavoidable, despite the risk. To minimize exposure, on both the University’s behalf and that of individuals, it is critical that computers containing or having automatic access to sensitive data prevent unauthorized access. They must be managed carefully, thoroughly, and professionally.
Persons responsible for computers that contain sensitive data (called “regulated computers” in what follows) must implement appropriate security and system-administration measures to prevent unauthorized access to sensitive data. The same requirement applies to University contractors,even if the computers in question are not directly on the University network.
See the Regulated Computer Policy – Definition of a Regulated Computer to find out if your computer qualifies.
See Regulated Computer Policy – Security and Management Guidelines for guidance on appropriate measures to prevent unauthorized access to sensitive data.