Secure Office Procedure

SLT 11.11

  1. Policy Statement
  2. Procedures

Policy Statement

It is the responsibility of all employees of the University to protect sensitive data against loss or theft. Awareness, education and practice of the following procedures can assist in this matter. These procedures are in place to help protect employees, customers, contractors and the university from damages related to the loss or misuse of sensitive data.

This document refers to securing sensitive data and physical hardware in the office environment or mobile environment where data may be referenced (at home or on a laptop). It is not intended to address electronic data stored on university servers.

Procedures

Goals

In order to effectively protect and secure university data, the following goals have been established:

a) Create, distribute and annually review the “Secure Office Procedure” document
b) Train all employees whose jobs relate to sensitive data on both the “Secure Office Procedure” and Information Security Best Practices
c) Train departmental managers to be aware of the importance of the procedures and the necessity of enforcing them

Employee Training

Employee awareness and education is an integral part of securing the university's sensitive data. The following procedures will be enforced to ensure proper training:

a) Upon hire, the Secure Office Procedure and Setting Strong Password documents are emailed to the new employee
b) Secure Office Procedure and Setting Strong Password documents are sent annually to all employees via email
c) Internal training, specific to each area, will be provided to employees who have access to sensitive data
d) Information Technology will provide Best Practices information at IT seminars and offer to attend annual departmental meetings to cover the following topics:

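i. Awareness of social engineering schemes

ii. Secure Office Procedure

iii. Strong password creation

iv. Data storage

v. Data encryption

vi. Backups

vii. Anti-virus and anti-spyware tools

viii. Unsecure technologies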

General Office Security Measures

The following procedures should be followed within office suites, individual offices or workrooms and mobile locations where data may be referenced:

a) Keys or keycards used for access to sensitive data should not be left unattended
b) Passwords should not be shared or written down and left in accessible locations
c) If you have a student that will regularly be using your machine, contact the IT Service Desk and request a staff account for that student. (Do not provide your password)
d) Make sure passwords are not common information such as date of birth, names of children, pets, telephone numbers, etc.
e) When you leave your workstation, lock your computer screen
f) Lock up laptops, USB drives, external drives, etc. when unattended
g) Contact the IT Service Desk when a computer will be passed to a new user. IT will clean the computer, removing previous data, and place a clean image on the machine.
h) Printouts containing sensitive data should be removed from networked printers immediately and filed appropriately in secure cabinets
i) Dispose of sensitive data on hard copy by shredding immediately
j) Departmental front desk staff should confirm identity of all visitors (GVSU staff/student workers or non-GVSU employees) who are entering their area(s)

i. Employees should feel comfortable requesting what unit someone is from and the purpose of their visit

ii. Employees should feel comfortable confirming the meeting prior to allowing a staff member/student employee to proceed within their department area

iii. Confirm the scheduled meeting with the GVSU employee

iv. Non-GVSU employees must be escorted to/from the meeting area/work area

v. Request ID (if necessary)

vi. Provide front office staff the ability to view your calendar or print a schedule of your meetings in advance so they will expect attendees

k) All staff should be responsible to watch for or listen to any unusual activity and to be cognizant of their surroundings.

Sensitive Information

Sensitive data can be distributed via hard copy or electronic means in the office. When given the choice, store data electronically rather than printing a hard copy. Consider scanning a document to store it electronically versus hard copy.

a) “Sensitive information” includes but is not limited to the following items, whether stored in electronic or printed format:

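i. All FERPA protected data*

ii. Credit card number (in part or in whole)

iii. Credit card expiration date

iv. Cardholder name

v. Cardholder address

vi. Social Security Number

vii. Business Identification Number

viii. Employer Identification Number

ix. Salary

x. Pay slips

xi. Benefits information

xii. Giving information/history

xiii. Health information

xiv. Content of external grants or contracts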

b) Securing hard copy sensitive data:

i. Lock cabinets containing sensitive data when not in use or when away for extended periods of time

ii. Storage rooms containing sensitive data should be locked at the end of the day or when unattended

iii. Desks, workstations, common work areas, printers, and fax machines should be cleared of all sensitive data when not in use

iv. Whiteboards, dry-erase boards, writing tablets, etc. should be erased, removed or shredded when not in use

v. Documents to be shredded should be done so immediately or locked up until shredding can occur

vi. At the end of the day, all sensitive data should be in a locked drawer or cabinet

c) Securing electronic sensitive data. Please contact Information Technology if there are questions in how you are storing/sharing sensitive data electronically.

i. Refrain, when possible, from storing sensitive data on your personal computer hard drive or any external personal device. Instead, use network drive space.

ii. If storing sensitive data is required on your personal computer hard drive or an external device, encryption and password protection should be applied

iii. Engage the screensaver when workspace is unoccupied

iv. Computer workstations should be shut down at the end of the work day

v. Lock laptop or external device containing sensitive data when not in use

vi. Make certain data and/or PC workstation screens are not visible to the public (e.g., near windows, entrance/exit doors, etc.)

vii. If email is used to share sensitive data, encryption and/or password protection should be used. The following statement should accompany the body of the email:
“This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.”

*See information regarding FERPA data at www.博天堂官方.edu/registrar and click on FERPA