Information Security - Office of Information Technology. Princeton University appropriately secures its information from unauthorized access, loss or damage while supporting the open, information- sharing needs of our academic culture. A. Classification Levels.
All University Information is classified into one of four levels based on its sensitivity and the risks associated with disclosure. The classification level determines the security protections that must be used for the information. When combining information, the classification level of the resulting information must be re- evaluated independently of the source information’s classification to manage risks. Additional requirements for the protection of information in each classification level are identified in the Princeton Information Protection Standards and Procedures. The classifications levels are: 1. Restricted. The following University Information is classified as Restricted: Social security number. Bank account number.
![Information Information Manual Manual Policy Policy Procedure Procedure System Technology Information Information Manual Manual Policy Policy Procedure Procedure System Technology](http://www.dot.state.wy.us/files/live/sites/wydot/files/shared/Planning/Research/RS06212.jpg)
![Information Information Manual Manual Policy Policy Procedure Procedure System Technology Information Information Manual Manual Policy Policy Procedure Procedure System Technology](http://upload.wikimedia.org/wikipedia/commons/thumb/2/29/Huefte-roentgen.jpg/200px-Huefte-roentgen.jpg)
Driver’s license number. State identity card number. Credit card number. Protected health information (as defined by HIPAA) State and Federal laws require that unauthorized access to certain Restricted information must be reported to the appropriate agency or agencies. All reporting of this nature to external parties must be done by or in consultation with the Office of the General Counsel (see: Office of General Counsel/Privacy/Information Technology). Sharing of Restricted information within the University may be permissible if necessary to meet the University’s legitimate business needs. Except as otherwise required by law (or for purposes of sharing between law enforcement entities), no Restricted information may be disclosed to parties outside the University, including contractors, without the proposed recipient’s prior written agreement (i) to take appropriate measures to safeguard the confidentiality of the Restricted information; (ii) not to disclose the Restricted information to any other party for any purpose absent the University’s prior written consent or a valid court order or subpoena; and (iii) to notify the University in advance of any disclosure pursuant to a court order or subpoena unless the order or subpoena explicitly prohibits such notification. In addition, the proposed recipient must abide by the requirements of this policy. Any sharing of Restricted information within the University must comply with University policies including Rights, Rules and Responsibilities and Acceptable Use Policy for Princeton University Information Technology and Digital Resources.
Confidential. University Information is classified as Confidential if it falls outside the Restricted classification, but is not intended to be shared freely within or outside the University due to its sensitive nature and/or contractual or legal obligations. Examples of Confidential Information include all non- Restricted information contained in personnel files, misconduct and law enforcement investigation records, internal financial data, donor records, and education records (as defined by FERPA). Sharing of Confidential information may be permissible if necessary to meet the University’s legitimate business needs. Unless disclosure is required by law (or for purposes of sharing between law enforcement entities), when disclosing Confidential information to parties outside the University, the proposed recipient must agree (i) to take appropriate measures to safeguard the confidentiality of the information: (ii) not to disclose the information to any other party for any purpose absent the University’s prior written consent or a valid court order or subpoena; and (iii) to notify the University in advance of any disclosure pursuant to a court order or subpoena unless the order or subpoena explicitly prohibits such notification. In addition, the proposed recipient must abide by the requirements of this policy. Any sharing of Confidential information within the University must comply with University policies including Rights, Rules and Responsibilities and Acceptable Use Policy for Princeton University Information Technology and Digital Resources. Unrestricted Within Princeton (UWP)University Information is classified as Unrestricted Within Princeton (UWP) if it falls outside the Restricted and Confidential classifications, but is not intended to be freely shared outside the University. One example is the Faculty Facebook. The presumption is that UWP information will remain within Princeton University. However, this information may be shared outside of Princeton if necessary to meet the University’s legitimate business needs, and the proposed recipient agrees not to re- disclose the information without the University’s consent.
Publicly Available. University Information is classified as Publicly Available if it is intended to be made available to anyone inside and outside of Princeton University. B. Protection, Handling, and Classification of Information. Based on its classification, University Information must be appropriately protected from unauthorized access, loss and damage. Specific security requirements for each classification can be found in the Princeton Information Protection Standards and Procedures. Handling of University Information from any source other than Princeton University may require compliance with both this policy and the requirements of the individual or entity that created, provided or controls the information. If you have concerns about your ability to comply, consult the relevant senior executive and the Office of the General Counsel. When deemed appropriate, the level of classification may be increased or additional security requirements imposed beyond what is required by the Information Security Policy and Princeton Information Protection Standards and Procedures.
![Information Information Manual Manual Policy Policy Procedure Procedure System Technology Information Information Manual Manual Policy Policy Procedure Procedure System Technology](http://4.bp.blogspot.com/-l1SCRFBQBbc/T4LVceHJ7eI/AAAAAAAABWE/_986fd0_Fxs/s640/VC+booby+trap.jpg)
![Information Information Manual Manual Policy Policy Procedure Procedure System Technology Information Information Manual Manual Policy Policy Procedure Procedure System Technology](http://www.freedomfightersforamerica.com/yahoo_site_admin/assets/images/media_babble.23204314.jpg)
The IT policy manual covers the common IT requirements and. Home / Information Technology / IT Policy Manual. A foundation for a system of internal controls. Computer & IT Policies and Procedures Manual. IT department managers say that an Computer & Information Technology Policies and Procedures Manual helps them with the. Kern County Administrative Policy and Procedures Manual CHAPTER 7 INFORMATION TECHNOLOGY. per the County Administrative Policy and Procedures Manual or other.
![Information Information Manual Manual Policy Policy Procedure Procedure System Technology Information Information Manual Manual Policy Policy Procedure Procedure System Technology](http://www.inspection.gc.ca/DAM/DAM-food-aliments/STAGING/images-images/fssa_nonfed_guides_foodsafety_annex3_1352908553755_eng.jpg)
Procedure No. P210 Advertising Media Policy Procedure No. P220. the 2015 Purchasing Policies and Procedures Manual. Finance and Information Technology. Information Technology Policy and Procedure Manual Template. {insert relevant operating system here e.g. Windows}. IT Policies and Procedures Manual Template. . Core Policy and Procedure Manual (CPPM) Chapter 12. They are. management, information technology. Information Technology Management. Information Security Policy. Acceptable Use Policy for Princeton University Information Technology and Digital. Procedure for Responding to a Possible Exposure. Information Security Policy Manual. network and information technology resources, the Information Security Office may temporarily remove or block any system.