7.02 Workstation Data Security

I. Purpose

The purpose of this policy is to define employee responsibilities regarding the security of data on or viewed via University-owned computer workstations and mobile computing devices.

II. Description

Display Visibility

Individuals with access to Protected data information shall ensure that any and all computer displays for which they are responsible are not visible to unauthorized viewing by others.

Data Security

Protected data should be kept on a server in the appropriate firewall zone.

Protected data is not permitted to be stored on computer workstations, removable media or mobile computing devices unless encrypted using information security industry standards, currently AES-256.

System Registration

Care should be taken when registering computers on the network not to place them in a higher security zone than is needed, particularly in the case of computers that will be publicly accessible and/or used by students other than student employees authorized to access Protected data.

III. Scope

This policy pertains to all computer workstations, portable computers, and mobile computing devices owned by Bradley University, whether located on or off campus.