Secure Remote Access Policy


Audience: faculty, staff
Weight: required
Keywords: enterprise data, non-campus location, telecommuting

POLICY


Anyone accessing enterprise data from a non-campus location must be authorized to access the data and authorized to work remotely. He or she must then comply with University security standards for secure electronic communications.

BACKGROUND


  • Telecommuting has become an accepted method of conducting business. This method of communication brings vulnerabilities that need to be mitigated. A machine whose configuration is properly maintained is resistant to compromise by data theft, viruses, worms, spyware, etc.

SCOPE


  • Currently, this policy addresses enterprise applications that are accessed through the University's MySlice Web portal. The applications currently affected and their expected dates of compliance with the Secure Remote Access Policy are listed below. It is anticipated that additional University administrative data will be added to the list as more sources of confidential data become available via remote access. Campus groups, such as the Portal Advisory Group, will make recommendations for additions to the list as they perform their roles in ensuring data security.

Data Type                Date of Compliance
Hyperion (Brio)          11/24/04
PeopleSoft HRSA 8        11/24/04
PeopleSoft Financials    7/1/05

PROCEDURES


DEFINITIONS


Non-campus location: An approved non-campus location may include, but is not limited to, a persistent location, such as a home office, or a mobile location, such as a laptop computer used in a hotel room, that is in compliance with security standards.

An unapproved non-campus location is any computer device, such as a kiosk, that is not in compliance with security standards.

Enterprise Data: Any University-owned administrative data that is:
  1. Accessed via MySlice administrative applications, including personal information that can be linked to an individual: payroll data, Social Security numbers, birth dates, Syracuse University IDs, credit card numbers, alumni data, and donor data. Also included is information protected under HIPAA (Health Insurance Portability and Accountability Act), FERPA (Family Educational Rights and Privacy Act), GLB (Gramm-Leach-Bliley) and other governmental regulations.
  2. Thought of as confidential or classified internal information (e.g. personnel disciplinary memos, vendor contracts, etc.)

Authorized: Granted permission to access enterprise data by the Data Custodian. Granted permission to work remotely by the appropriate authority in an employee's area. The process is verified by the ITS Security Coordinator.

Telecommuting: Performing computer-based work at home or in some other location remote from one's place of employment.

Security Standards: Remote access methods approved by the ITS IT Security Manager. The standard for secure remote access to enterprise applications is available on the Web at http://its.syr.edu/security/remoteaccess/standards.cfm

RELATED POLICIES


REVIEW/CHANGE HISTORY


Date       Name    Description
9/23/04            Policy created

Alleged violations of this policy or violation of other University policies in the course of using the Computer System may result in an immediate loss of computing privileges and may also result in the referral of the matter to the University Judicial System or other appropriate authority.

