UserIds and Passwords
q Request new UserIds for departmental employees to access administrative computer systems.
q Determine that the access level assigned to each employee is appropriate given the employee’s duties.
q Ensure that each employee accessing an administrative system has a separate UserId.
q Inform employees of the University guidelines on passwords.
q Determine that systems automatically require password changes or send periodic reminders to staff to change passwords to important administrative systems.
q Maintain current records showing the UserIds and systems that can be accessed for each employee.
q Ensure that UserIds have been deactivated for terminated or transferred employees.
Confidential Data
q Inform employees working with confidential or sensitive data of the restrictions regarding the release of such data.
Software
q Make staff aware of requirements to utilize legitimate software.
q Advise staff to maintain files of current software licenses.
Risk analysis and Disaster Recovery
q Determine critical data and systems for departmental operations.
q Develop a department Disaster Recovery Plan.
Backup Procedures
q Develop and implement procedures for backup of critical data for systems not automatically backed up by Computer Services.
q Ensure that backup is rotated to storage in another building or off-campus as appropriate.
Physical Security
q Inform employees to not leave computers unattended and logged on to systems with critical or confidential data.