Re: Employee Non-Disclosure Agreement

["Gregg, Christopher S." <csgregg () STTHOMAS EDU>]

We have a Privileged Access & Confidentiality Agreement that must be signed by all employees upon hire, including 
student employees.  It was initially aimed at people with ERP access, but everyone signs one since we don't know what 
access they might end up having down the road.

Here is a link to the form (since it is on our public website): 
https://www.stthomas.edu/media/informationtechnologyservices/pdf/USTPrivilegedAcces.pdf

Thanks,

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Information Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jeff Choo
Sent: Thursday, October 11, 2018 12:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Employee Non-Disclosure Agreement

Hi Franzi

We only required any employee including work-study students to sign an NDA if they are handling PII, PCI-DSS, or HIPAA 
related data.  This is on top of the of the employee policies handbook, FERPA, and WISP.

Regards,

Jeff


"A problem well put is half solved." - John Dewey

Jeff Choo - Director, Information Technology | Information Security Officer
William James College
One Wells Avenue, Newton, MA 02459
Helpdesk: 617-327-6777 x1600
Direct: 617-564-9344
Email: jeff_choo () williamjames edu<mailto:jeff_choo () williamjames edu>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Franzi Willenbuecher
Sent: Thursday, October 11, 2018 12:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Employee Non-Disclosure Agreement

Hello,

What is everyone's stance on requiring non-disclosure agreements (possibly in addition to an acceptable use agreement) 
for your employees? If you do require it, how do you justify the need for it?

Thanks,
Franzi



[Emporia State University]
Franzi Willenbuecher
Information Security Training Analyst
Information Technology
Emporia State University
620-341-6704
fwillenb () emporia edu<mailto:fwillenb () emporia edu>
hornet.emporia.edu<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%253a%252f%252fhornet.emporia.edu%26c%3DE%2C1%2CAk7FKMXoV-9hloAs4lr_WCH1kX0yZSD3wER7cyLascFKx0IZ1cVvwvU09FC0DMOXhDYAtQk0KkonnzU56a7bCAmi74fXdYpzDXrTKBaT9cFbCGpTl3uUi2Mb%26typo%3D1&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7Cd1bc1f77a9d84477366208d62f9af5d4%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C636748739951933877&sdata=5xyJG7qRXyber0dUa8TWPCmRUWFTyohfTAN3rhKbJD8%3D&reserved=0>
[cid:image002.png@01D45735.E1BE3810]   October is National Cyber Security Awareness Month! Learn more at 
hornet.emporia.edu<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%253a%252f%252fhornet.emporia.edu%26c%3DE%2C1%2CnxS_jIXw34FoXV97O6Dw1wNQa4o2PWRxFtRJV1tjXoPxlyCI9M4_VfqIWVdMyRy_iwgtRg8MKqK9iJNsVsn7dbtB-QUBhCAHuXoeG1NGFJBSh7eGddY42A%2C%2C%26typo%3D1&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7Cd1bc1f77a9d84477366208d62f9af5d4%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C636748739951943879&sdata=6n84X9artJyj%2FnV1vsRZMDjxnOsEKCaF%2F54%2FNzVEsok%3D&reserved=0>
 "Information Security"

This message may contain confidential information intended only for the individual named. If you received this message 
by mistake, please let the sender know by e-mail reply and delete it from your system. If you are not the intended 
recipient you are hereby notified that disclosing, copying, distributing or taking any action in reliance on the 
contents of this information is strictly prohibited.