IT Governance approves second group of Information Security Standards

One of the top priorities of the Information Security Standing Committee is the creation of Information Security Standards that serve to guide the University community on how best to secure the technology that accesses, stores, processes, or transmits University data.

The second group of University-wide Information Security Standards that were approved by this committee in May of 2021 are now available. They include:

Information Security Awareness & Training Standard

This standard outlines the responsibilities of departments in ensuring that their staff are appropriately trained to maintain compliance with regulations that protect sensitive data.

• IT Impact: The Ohio University Information Security Office can enroll faculty, staff, and students in Data Security training.
• OHIO Community Impact: Departments are responsible for identifying those individuals that need to complete data security training and request enrollment through the Information Security Office. Individuals assigned data security training are responsible to complete the assigned training.

Information Security Incident Response Standard

This standard outlines the process for notification of and response to a data security incident involving data processed, stored, or transmitted by the University. The Incident Response Process Document supplements this Standard and outlines the University’s response to an information security incident.

• IT Impact: The Information Security Office will investigate any reported or suspected information security incidents according to the process and procedures outlined within the Information Security Incident Response Standard and the Incident Response Process Document.
• OHIO Community Impact: OHIO faculty, staff, and students have a responsibility to report any suspected information security incidents to the Information Security Office.

Physical Security Standard

This Standard defines control to maintain the confidentiality, integrity, and availability of OHIO resources through the prevention of loss, damage, theft, or compromise of University data and assets.

• IT Impact: OHIO IT Professionals will assist with implementing system controls that ensure the physical security of systems and data.
• OHIO Community Impact: OHIO faculty and staff have a responsibility to ensure they maintain the physical security of data and systems.

Safeguarding Sensitive University Data Standard

This Standard establishes the guidelines for the process of safeguarding sensitive University data from improper disclosure.

• IT Impact: OHIO IT Professionals will assist with implementing system controls that ensure the protection of sensitive data.
• OHIO Community Impact: All members of the University community have a responsibility to know what sensitive data is and their responsibility for ensuring the protection of this information.

Sensitive Data within OneDrive Standard

This Standard describes the technical and administrative controls that must be implemented when storing sensitive data within Ohio University’s OneDrive for Business (“OneDrive”) accounts.

• IT Impact: OHIO IT Professionals will assist with the proper technical configuration in accordance with this standard to ensure sensitive data can be stored within OneDrive.
• OHIO Community Impact: OHIO faculty and staff that have a need to store sensitive data within OneDrive will request a OneDrive group and adhere to the administrative controls as outlined within the standard.

All Information Security Standards have an exception process, should an individual or unit have circumstances preventing them from complying with a Standard.

The Ohio University community is encouraged to read the full Information Security Standards. Additionally, the Information Security Office is hosting a Standards Q&A Session on July 12, 2021 at 2:00pm. Interested participants can sign up for the session by completing the registration form in advance.