See Also: Policy 4810 - TMCC Telecommunications Use and Policy 4814 - Information Security and Inventory of Institutional Data
Protection of Confidential or Sensitive Data
Confidential or Sensitive Data (highest level of security)
- Protected due to legal requirements (FERPA, Gramm Leach Bliley Act, ADA, EEO, HIPAA, etc.)
- All data must be either password protected, encrypted, or stored on secure network drives
- Whole disk encryption is an option
Institutional/Proprietary Data (moderate level of security)
- All data must be either password-protected, encrypted, or stored on secure network drives
Public Departmental Data (lowest level of security)
- Protected at the discretion of the department/owner
- Recommended that data be stored on secured network drives
Eradication of Data on Surplus or Repurposed Computers
- Follow the procedures in the Baseline Security Procedures (see below) for all TMCC department and unit computers for administrative office desktops and academic lab computers, as well as application and file servers.
Inventory of Data Locations
On an annual basis, the College's departments and units will inventory the physical and network location of confidential or sensitive data. Each department or unit will create a master list that details this information for reference.
Security Incidents
A security incident can be anything from a suspected virus on a computer, knowledge of malicious intent concerning the TMCC computer systems, witnessing suspicious activity, inappropriate release of College data, or the reasonable belief of unauthorized data access.
- Information security incidents should be reported to IT management in person, via email, or by telephone.
- In the event of an information security incident, TMCC IT management is responsible for notifying College leadership as necessary.
- Physical security incidents should be reported to the TMCC Police Department in person, online, or by telephone.
- In the event of a physical security incident, TMCC Police Department management is responsible for notifying College leadership as necessary.