Policy regarding student, HR, or other data on departmental/college servers

["F. L. Ferreri" <f.ferreri () CSUOHIO EDU>]

Hello!

Our university is relatively centralized in regards to housing student and
administrative data.  Specifically, we have the ERP system and the data base
that houses our information centrally administered, behind its own firewall,
and the policies and procedures in place to allow access to this data.  The
network design and policies/procedures were approved by both internal and
external auditors.

Recently, we've had one of our colleges ask for access to a subset of our
centralized data base of student information.  We've met with them, gotten
their requirements and are in the process of giving them the access they
need.  Also, we're putting together a policy on how non-centralized data
must be secured.  While it's a little late to do this for this particular
college, but we'll be ready when the next request hits our desk.

Anyway, I was wondering if any of you kind folks have University-approved
policies at your institution that address the security of data on
departmental or college servers.  Any information, documents or links to Web
pages would be appreciated.

Thanks in advance,
Fabian

- - - - - - - - - - - - - - - - - - - - - - -
F. L. Ferreri
Security Administrator
Cleveland State University
phone: 216.687-2160
fax:   216.687-9200

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.