Topics Map > Policies
Topics Map > Security
Information Security Program - Sec. 2: Access, Security, and Control of Data and Information Policy
Purpose and Scope: The University of Wisconsin-Platteville maintains both paper records and computer information systems to carry out its educational mission. Federal and State laws and regulations govern access to these records. The University establishes local policies and procedures to ensure compliance with these laws and regulations and to protect the integrity of University records and the privacy of individuals. The following policy statements are applicable to all areas of the University and must be observed by all persons dealing with such information, including all University employees and students, as well as other individuals or entities that share University information for business purposes.
Policy and Principles
2. University data shall be used solely for the legitimate business of the University.
b. Data, text and software stored and processed can be traced forward and backward for audit ability;
c. Information systems capabilities can be reestablished within an acceptable time due to loss or damage by accident, malfunction, breach of security or act of God; and
d. Actual or attempted breaches of security can be detected promptly.
9. Any student engaging in unauthorized use, disclosure, alteration or destruction of information systems or data in violation of this policy shall be subject to appropriate disciplinary action, including possible expulsion and/or criminal prosecution.
10. Users may not use, query, release or print data in any application which they have not been given deliberate access to, which can include but is not limited to:
- Management - All levels of management are responsible for ensuring that system users within their area of accountability are aware of their responsibilities as defined in this policy. Specifically, managers are responsible for validating the access requirements of their staff according to their job functions prior to submitting requests for access, and for ensuring a secure office environment with regard to University information systems. Managers of major University offices should appoint an individual within their staff to ensure these responsibilities are observed. Managers are also responsible for ensuring that their staff attend appropriate training sessions offered by the University to ensure compliance with laws, regulations and local policies.
- Employees - Faculty, staff, and student employees, are responsible for the protection, privacy, and control of all University data they access or create, regardless of the data storage medium. All employees must ensure that the data and data media are maintained and disposed of in a secure manner. All employees are responsible for understanding the meaning and purpose of the data to which they have access, and may use this data only to support the normal functions of the employees' administrative and academic duties. All employees are responsible for all transactions occurring under his/her userid and/or password. Passwords and userids may not be shared with anyone under any circumstances unless the Assistant Vice Chancellor for Information Services in consultation with the University Legal Counsel approves an exception.
- Students - Students are responsible for protecting their userids and passwords so that no unauthorized persons would have access to their University records. Students are responsible for reading and understanding the Acceptable Use Policy, Email Policy, and Student Handbook, and complying with these policies and practices. Students should participate in University sponsored training sessions to improve their understanding of how to safeguard their own privacy.
- The Assistant Vice Chancellor for Information Services is responsible for providing administrative, technical and educational support in the area of information security for all users of the information systems. This support may include but is not limited to: computer account management; system and network security administration; firewall management; and information security training programs.