Physical Information Security Policy

• Bylaws
• Policy Document
• Procedures
• Guidelines
• Form

June 2, 2004

June 2, 2004

PURPOSE

The purpose of this policy is to protect the security of physical information and to protect the confidentiality and integrity of confidential student and employee information.

POLICY

It is the policy of SUNY Fredonia to ensure confidential physical information is protected. In addition, physical assets that provide access to confidential information must be secure.

PROCEDURE

The following guidelines should be followed when maintaining physical information.

• File cabinets containing confidential information must be locked or in an area that can be secured from the public.

• Fireproof cabinets used to store promissory notes are locked during non-business hours.

• Confidential information should not be left on desks or open areas accessible to the public. This includes but is not limited to paper, floppy disks or CD’s.

• Private or confidential information should not be discussed in person or over the phone where it can be overheard. Where confidentiality/privacy is required, special accommodations will be made.

• All mobile devices, including PDA’s and laptops, will be password protected.

• All confidential information no longer needed must be properly destroyed (i.e., crosscut shredded) so as to ensure its confidentiality. (Office of Internal Control maintains the Record Retention policy.)

• Idle-time implementation for Banner forms access is in review by the Banner Security Committee. Idle-time, if activated, would end a work session after a specific amount of “idle” time.

• Database and system logoffs are required whenever the user is away from the computer desktop for an extended period of time.

• Computer screens should not be visible to the public and will utilize a password protected screen saver.  Desktop locking instructions for Windows and Macintosh users are located on the ITS website.