|Oversight Unit:||INFORMATION TECHNOLOGY-TECHNICAL SERVICES|
This policy provides standards to protect the confidentiality, integrity, and availability of university data. The policy applies regardless of the media on which the data resides.
All users of NMU Network Resources, administrative data, systems that access university data and media that store university data.
Data will be maintained in a secure, accurate, and reliable manner and be readily available for authorized use. Data security measures will be implemented commensurate with the value, sensitivity, and risk involved. Data will be protected and secured according to applicable federal and state requirements as well as university policies.
To implement security at the appropriate level, to establish guidelines for legal/regulatory compliance, and to reduce or eliminate conflicting standards and controls, data will be classified into one of the following categories:
Confidential: data that, if disclosed to unauthorized persons, would be a violation of federal or state laws and regulations, university policy, or university contracts. Any file or data that contains personally identifiable information of a trustee, officer, agent, faculty, staff, retiree, student, graduate, donor, or vendor may also qualify as confidential data. Confidential data includes but is not limited to:
Private: data that must be guarded due to proprietary, ethical, or privacy considerations and must be protected from unauthorized access, modification, transmission, storage or other use. This classification applies even though there may not be any law or other regulation requiring this protection. Private data is information that is managed and secured by personnel designated by the university who have a legitimate business purpose for accessing such data. Private data includes but is not limited to:
Public: data to which the general public may be granted access in accordance with Northern Michigan University policy. Public data includes but is not limited to:
Data owners, in conjunction with the Chief Technology Officer, the Assistant VP Information Services, and as appropriate, the Dean of Library and Instructional Support, or qualified designates, will develop, implement, and/or contract for appropriate data security using technology protocols, data encryption, data access controls, data retention and disposal procedures, data storage management, and end user training and awareness programs.
The Chief Technology Officer or a designate will regularly review this policy and the implementing procedures to ensure timely updates after legal, regulatory, technological, or other relevant changes.