Inventory devices and data
The average campus community member uses several devices—including computers and smartphones—and quite a bit of data on a daily basis. Although some data is necessary to perform certain tasks, it has a tendency to get "lost" in the bustle. Can you remember how many files on your computer store a Social Security number? What about how many account passwords are stored there as well?
It's important to keep track of your devices and data. You can't properly protect what you don't know you have.
Organize and curate data according to laws, regulations, and policies. Organizing data improperly or inconsistently—or not organizing data at all—means exposing the University to increased risk, including a reduction in operational efficiency or effectiveness and increased potential for the unintentional, unlawful, or unauthorized disclosure, alteration, or destruction of data.
Requirements
Units must develop and maintain an inventory of their IT resources.
- Identify and understand data sensitivity.
- Inventory business processes, data, and IT resources.
- Ensure that stored data is necessary. If sensitive University information is necessary, encrypt it. If it isn't, securely erase it.
- Ensure that data storage adheres to University records retention policies and schedules.
- Ensure that data is stored in appropriate storage systems.
- Update IT resource inventories when University information or IT devices are added to or removed from the unit.
General guidelines
- Store sensitive information only if necessary.
- If you need to maintain copies of sensitive files for reference, but you don't need them for everyday use, consider transferring them to a flash drive or other removable storage media and leaving that media in a secure location, such as a locked safe or desk in your home.
