Dublin City University

Similar documents
Information Handling and Classification Table

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard

DATA STEWARDSHIP STANDARDS

INFORMATION ASSET MANAGEMENT POLICY

Data Protection Policy

01.0 Policy Responsibilities and Oversight

Information Security Data Classification Procedure

Introduction to Personal Data Protection DCU Risk & Compliance Office October 2015

Security Policies and Procedures Principles and Practices

Seven Requirements for Successfully Implementing Information Security Policies and Standards

Enviro Technology Services Ltd Data Protection Policy

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Checklist: Credit Union Information Security and Privacy Policies

April Appendix 3. IA System Security. Sida 1 (8)

Data protection policy

Data Breach Incident Management Policy

Data protection. 3 April 2018

Acceptable Use Policy

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

Employee Security Awareness Training Program

DCU Guide to Subject Access Requests. Under Irish Data Protection Legislation

Guidelines for Data Protection Document Information

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

INFORMATION SECURITY POLICY

Building Information Modeling and Digital Data Exhibit

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

PS Mailing Services Ltd Data Protection Policy May 2018

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

Data Protection Policy

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Information Technology Standards

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Data Protection Policy

Records Management and Retention

The Common Controls Framework BY ADOBE

Information Governance Policy

Classification of information V1.1

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Department of Public Health O F S A N F R A N C I S C O

St Bernard s Primary School Data Protection Policy

HIPAA Security and Privacy Policies & Procedures

Southern Adventist University Information Security Policy. Version 1 Revised Apr

Data Security Policy for Research Projects

IAM Security & Privacy Policies Scott Bradner

UKIP needs to gather and use certain information about individuals.

Records Information Management

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

ADIENT VENDOR SECURITY STANDARD

Privacy Policy: Data & Information Security Policy Last revised: 9 May 2018

University of Liverpool

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

Data Governance Framework

a. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard

Freedom of Information and Protection of Privacy (FOIPOP)

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

LCU Privacy Breach Response Plan

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

PROCEDURE POLICY DEFINITIONS AD DATA GOVERNANCE PROCEDURE. Administration (AD) APPROVED: President and CEO

De Montfort Students Union Student Data Privacy Statement

WHEATON COLLEGE RETENTION POLICY May 16, 2013

The simplified guide to. HIPAA compliance

User Guide: Sensitive Data Clean-up - Employee-initiated Scans

Guidelines for Data Protection

Data Loss Assessment and Reporting Procedure

Data Processing Agreement

WORKSHARE SECURITY OVERVIEW

Privacy Impact Assessment (PIA) Tool

Institute of Technology, Sligo. Information Security Policy. Version 0.2

Information Classification and Handling Policy

Data Protection Policy

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

UTAH VALLEY UNIVERSITY Policies and Procedures

Information Security Policy for Associates and Contractors

Bring Your Own Device Policy

Recommendations for Implementing an Information Security Framework for Life Science Organizations

INFORMATION!SECURITY!GUIDELINES!

Information Security Controls Policy

Information Security BYOD Procedure

Data Processing Agreement

SECURITY & PRIVACY DOCUMENTATION

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

C106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT

Network Performance, Security and Reliability Assessment

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

Computer Security Incident Response Plan. Date of Approval: 23-FEB-2014

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Element Finance Solutions Ltd Data Protection Policy

Abu Dhabi Certification Scheme for Beauty Salon Sector

The University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems

HIPAA Privacy and Security Training Program

Data Encryption Policy

Information Security Policy

Identity Theft Prevention Policy

Transcription:

Dublin City University Data Handling Guidelines Data Handling Guidelines

Data Handling Guidelines These guidelines are to provide guidance to data custodians as to how they may protect data classified under the headings defined in the Data Classification policy. (See Appendix A for Data classification.) These guidelines are considered best practice for the protection of that Classification/ Activity Access Control Backup DCU Highly Restricted DCU Restricted DCU Controlled Available only to those who have an absolute requirement for access. This requirement must be submitted in writing and authorized by the data custodian. Access should be reviewed on a regular basis. Where access is granted to a third party, a nondisclosure agreement should be in place. Data should be highly protected. Backups should be taken on a nightly basis, subject to data change rate. Backups should be held in a secure fire-prooflocation removed from the data source. This data is a candidate for online mirroring to a remote location. Available to authorized users only. Access should be reviewed on a regular basis. Where access is granted to a third party, a non-disclosure agreement should be in place. Data should be protected by backups and held in a secure location away from the source Available to all DCU employees and others as required. Data should be protected by backup. Data Handling Guidelines Page 1 of 4

Classification/ Activity Labelling Physical Transfer (paper) Electronic Storage DCU Highly Restricted DCU Restricted DCU Controlled Irrespective of the data classification labels should be used to convey the importance of the data where appropriate, e.g. Confidential or Strictly Confidential. For classifications of data due care should be taken in respect of the transfer of information in physical form. Must be stored in systems accessible only to those covered under access above. Must be stored in systems accessible only to those covered under access above. Must be stored in systems accessible to those covered under access above. Servers which hold this data must be housed in a secure datacenter environment. Where data is held outside the source system it must be Storage of this data outside of the source system, for example on a laptop or memory stick; must be approved by the data custodian. Where data is held outside the source system it must be Where a mobile device is used to access/store DCU sensitive data or email, appropriate security settings must be configured. USB devices must not be used for Data Handling Guidelines Page 2 of 4

the storage of sensitive personal Encryption software must be installed on all DCU owned laptops. Electronic Transfer Internal to DCU Electronic Transfer External to DCU Data transfers need to be USB devices must not be used for the transfer of sensitive personal Data transfers need to be May not be emailed unless Where possible data transfers should be Transmission over a wireless network needs to be Where possible data transfers should be May not be emailed unless Encryption should be considered where appropriate Encryption should be considered where appropriate. Disposal USB devices must not be used for the transfer of sensitive personal Physical copies of data should be shredded. Storage media, including hard drives which have ever held such data should be disposed of in a secure manner. Please consult ISS for further information. Physical copies of data should be shredded. Storage media, including hard drives which have ever held such data should be disposed of in a secure manner. Please consult ISS for further information. Systems handling data may be disposed of in a normal fashion. Data Handling Guidelines Page 3 of 4

Classification/ Activity System Controls System Availability DCU Highly Restricted DCU Restricted DCU Controlled Information may only be processed on approved DCU systems, which are managed by a designated systems manager. Where the data availability requirement is high, consideration should be given to hosting this data on a resilient infrastructure which would protect against outages. Information may only be processed on approved DCU systems, which are managed by a designated systems manager. Information should be subject to the appropriate industry standards which ensure the availability of the information when and where required. Information should be processed on the basis of basic best practice. Information should be subject to the appropriate industry standards which ensure the availability of the information. Data Handling Guidelines Page 4 of 4

Appendix A Data Classification Data Classification DCU Controlled With this classification protection of information is at the discretion of the custodian and there is a low risk of embarrassment or reputational harm to DCU. Examples: Meeting minutes; unit working & draft documents DCU Restricted DCU has a legal, regulatory or contractual obligation to protect the information with this classification. Disclosure or loss of availability or integrity could cause harm to the reputation of DCU, or may have short term financial impact on the university. Examples: Student or employee records; grades; employee performance reviews; personally identifiable information. DCU Highly Restricted Protection of information is required by law or regulatory instrument. The information within this classification is subject to strictly limited distribution within and outside the University. Disclosure would cause exceptional or long term damage to the reputation of DCU, or risk to those whose information is disclosed, or may have serious or long term negative financial impact on the University. Examples: PPS numbers; Physical or mental health record relating to individuals; Critical research Data Handling Guidelines Page 5 of 4

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback