Protecting Electronic Restricted Data

Everyone is responsible for the appropriate protection of restricted data under their jurisdiction or control.

General practices for the management and protection of electronic restricted data are available below. Online computer security training is also available.

If there is any question about whether restricted data is being adequately protected, a review by UCSC IT Security or UCSC Internal Audit staff should be requested.


Practices for Protecting Restricted Data:

"QUICK REFERENCE "
Selected and abbreviated information to get you started.

General Practices for Protecting Electronic Restricted Data - Expanded version
General information and guidance to help protect UCSC's electronic restricted data and reduce the risk of unauthorized access or disclosure.

Management Responsibilities for Protecting Electronic Restricted Data - DRAFT 
Specific management responsibilities for the protection of restricted data. These responsibilities are above and beyond the general practices, above, and assume that Management is familiar with those practices.

IT Service Provider Responsibilities for Protecting Electronic Restricted Data
Specific IT Service Provider responsibilities for the protection of restricted data. These responsibilities are above and beyond the general practices, above, and assume that IT Service Providers are familiar with those practices. 


Specific Responsibilities:

  • Everyone is responsible for the appropriate protection of restricted data under their jurisdiction or control.
  • System Stewards are responsible for identifying restricted data under their purview and communicating this information, along with associated information about appropriate access and use, degree of sensitivity, criticality, and risk tolerance, to Management and Service Providers.
  • Service Providers are responsible for understanding the above information from System Stewards and for ensuring the appropriate protection of restricted data on systems under their control, including any downloading of such information or temporary storage on other systems.
  • Management is responsible for understanding the above information from System Stewards and for ensuring that individuals have appropriate authorization and user and security training prior to accessing restricted data.

Getting Help:

Contact the ITS Support Center with questions or for additional information about any of the above sets of practices: itrequest.ucsc.eduhelp@ucsc.edu, 459-HELP (4357), or 54 Kerr Hall M-F 8 AM to 5 PM


Additional Resources:

Last reviewed 12/21/10