I. Objective
The objective of Tufts University, in developing and implementing this Information Security Program (“Program”), is to create effective administrative, technical and physical safeguards to protect personal information, and to comply with the University’s obligations under M.G.L. 93 H, 93 I and 201 CMR 17.00 (the “Data Regulations”). This Plan explains the elements of the Program Tufts intends to establish, including the requirements for evaluating its electronic and physical methods of accessing, collecting, storing, using, transmitting, and protecting personal information. The Program covers all forms of personal information, whether it is maintained on paper, digital, or other media.
For purposes of this Program, “personal information” shall have the meaning set forth in the Data Regulations. In general, “personal information” includes an individual’s first name and last name or first initial and last name, in combination with that person’s: (a) Social Security number; (b) driver’s license or other state-issued identification card number; or (c) credit or debit card number or other financial account number, in each case with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account. “Personal information” does not include publicly available information.
II. Purpose
The purpose of the Program is to effect compliance with applicable laws (including the Data Regulations) by:
- identifying reasonably foreseeable internal and external risks to the confidentiality and/or integrity of any electronic, paper, or other records containing personal information;
- assessing the likelihood and potential damage of these threats, taking into consideration the sensitivity of the personal information;
- evaluating the sufficiency of existing policies, procedures, information systems, internal controls and security practices, in addition to other safeguards in place to control risks;
- designing and implementing a plan that puts safeguards in place to minimize those risks, consistent with the requirements of Massachusetts laws; and
- periodically monitoring the effectiveness of those safeguards.
III. Approved
Patricia Campbell, Executive Vice President
IV. Approval Date
February 26, 2010
V. Effective Date
March 1, 2010
VI. Executive Sponsor
David Kahle, Vice President for Information Technology and Chief Information Officer
VII. Policy Managers
University Information Technology
Office of University Counsel
Digital Collections and Archives