Category 2

Category 2: Mandatory use in order to comply with institutional policies

Examples:

  1. A contract developer is hired from a consulting firm to assist in developing a core administrative system. The developer will use his or her own laptop (provided by the consulting firm) and will have institutional data stored on that laptop. Your institutional policy on mobile computing devices requires full disk encryption software as well as other baseline security practices. The developer's laptop must comply with the requirements of your mobile computing policy.
  2. Your institution is contracting with a third-party for W2 processing. Your institutional policy on the handling of Social Security numbers requires that they be encrypted with 1024 bit keys while stored in any sort of file or database.

Relevant Themes:


Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).