IT will follow best practices in ensuring information security and privacy, and enforce all related Institutional policies, including University IT Policy 28 and University IT Policy 12. Measures at ensuring security and privacy will include, but not be limited to application security; server security; end-point device security; security of data at rest; security of data in transit; access control; and security-related user practices.
IT will continue to scan all devices for software updates and vulnerabilities, and systematically review system logs for auditing of possible security vulnerabilities.
IT will promote awareness of security-related issues, as communicated through the University’s Information Security Office, IT Community Partnerships, and industry security notices and bulletins. IT will engage in an open and ongoing dialog with OVPUE staff about ways to maintain privacy and security of work and personal data.
IT personnel will regularly undergo training on security matters, including sessions on systems security, web application security and data protection policies.
All data managed through OVPUE systems will be classified and handled in line with OITGF1, and the levels defined in the latest institutional policy on data classification (Policy DM01: Management of Institutional Data). For risk mitigation, IT will provision and or recommend appropriate locations for storage of data based on classification.
IT will conduct periodic scans of managed systems for sensitive data and recommend appropriate action for data stored in unsanctioned locations. Strong recommendations will be made for the removal of sensitive data that has been retained beyond business use.
Business continuity, in the event of catastrophic service outages, will be established following the stipulations of the OVPUE Business Continuity Plan, available in the IU Ready system.