...
The WISP Data Classification standard provides three levels of data classification regarding the level of security placed on the particular types of information assets.
...
- FERPA: Student Information: Educational Records not defined as directory” information, typically: Grades, Courses taken, Schedule, Test Scores, Advising records, Educational services received, Disciplinary actions, Student photo.
- Campus Attorney-client communication.
Internal (Protected Level 3 - PL-3)
- Campus Financials. Campus Attorney-client communication.
- Employee Information: Name with: Home Address, Home Phone, Personal Email, Marital Status, Gender, Evaluation, Personnel Actions.
...
Listed below are the only Suffolk University IT Tools and Services to Store or Share Suffolk Protected Data
Storage Location | Description | Protected level 1 (PL-1) | Protected level 2 (PL-2) | Protected level 3 (PL-3) | Protected level 4 (PL-4) |
OneDrive for Business | An enterprise service that allows students, faculty, and staff to store, share, and edit files within online Office apps as part |
of Suffolk University Microsoft Office 365. | Use Prohibited | Use Restricted Must be set to Private | Use Permitted | Use Permitted | |
SharePoint / TEAMS | An online collaboration space that is part of Suffolk University Office 365. | Use Prohibited | Use Permitted** Must be set to Private | Use Permitted | Use Permitted |
IT Network File Shares | Network drives that are only accessible on the Suffolk University network and managed by Suffolk University ITS. | Use Permitted ** | Use Permitted | Use Permitted | Use Permitted |
University-owned devices | Local Workstation or Laptop managed by Suffolk University ITS. | Use Prohibited | Use Restricted ** Must be encrypted. Suffolk encrypts all University-owned laptops | Use Permitted Must be encrypted. Suffolk encrypts all University-owned laptops | Use Permitted |
Non-University-owned devices | Personal Computers or devices not owned or managed by Suffolk University. | Use Prohibited | Use Prohibited | Use Prohibited | Use Permitted |
Portable Storage | Thumb drives, portable hard drives, or any other portable device that is capable of storing files. | Use Prohibited |
*** | Use Prohibited |
*** | Use Restricted Must be provided by Suffolk University ITS or Owned by the Suffolk Employee. The device must be encrypted. | Use Permitted | |||
** With the review and approval of the Information Security office. Please contact the Service Desk at servicedesk@suffolk.edu for more information. ***exceptions Must have a legitimate business requirement. Must be reviewed and approved by the Information Security Office, encrypted using the latest accepted approved encryption, and Suffolk University owned device. | |||||
Document Storage Supplemental Guidance
While Suffolk provides a variety of data storage locations for University Data, including data that is work in progress and used for collaboration. Sensitive data such as FERPA data should only be stored and remain in the system of record for that data (Such as student data in Colleague) Any copies of the official record data or remnants of copies made outside the system of record for that data should be removed and not retained. All University Data must be retained in compliance with the University Records Retention Schedule.
...
- Be familiar with the University’s document retention schedule
Knowing how long certain documents must be kept will help keep your department in compliance. - Know how to handle the data you access.
- Remember to always keep sensitive data stored in the Source System.
- Working copies should be removed when done.
- If in doubt Ask your supervisor or contact Service Desk at servicedesk@suffolk.edu.
- All documents need to be organized in order to be useful.
- Browsing through your folders and finding files should be intuitive.
- Use Folders and subfolders to keep your files organized in a logical way. The benefits include; easier file retrieval, greater efficiency, improved business continuity, and a potential need for less storage space through routine purging of non-essential records.
- The best folder structure may be one that mimics the way your department functions.
- A standard hierarchy of folders and subfolders can look like this:
- Department Name
- Sub-Department Name (if necessary)
- Shared Content
- Spreadsheets
- Word Documents
- Databases
- …
- Projects
- Project A
- Project B
- Historical
- FY2019
- FY2020
- Shared Content
- Sub-Department Name (if necessary)
- Department Name
- If you find a hierarchy that works well for your department, use it as a template anytime you start a new project or task.
- Be purposeful when naming your files.
- Use words that are indicative of what is in the file. Consider what words you may use in the future to search for this file and put those words in the name.
- Files should be named consistently.
- Use short but descriptive file names.
- Use capitals and underscores instead of periods, spaces, or slashes.
- Avoid special characters.
- Use a consistent date format. YYYYMMDD is often best as your files will automatically be organized chronologically.
- If you are naming files that go in order, use a leading zero (01, 02 rather than 1,2) to ensure that your files stay in order.
- Keep track of file versions by adding a version number at the end of the file name.
- For the final version, substitute the word FINAL for the version number. This is especially important if files are being shared.
- Regular maintenance is necessary to keep folders and files organized and useful.
- Create archive folders to store old versions of important files.
- Routinely remove files that are no longer useful and are not required for retention. If you are not sure if a file must be retained, do not delete it.
- Document your folder and file conventions and share with colleagues to ensure consistency across your department.
rev1.34
1103/0312/2021 2024 ITS Information Security Officer