Indiana University should provide a secure, resilient, policy-based information and infrastructure environment to protect the security, integrity, and privacy of data. Ongoing upgrades to the environment and policies should enhance personal confidence in the security of data and privacy of individuals in the pursuit of institutional and individual goals.
- IU should develop and coordinate the implementation of a strategic and comprehensive security and privacy program that fulfills legal and policy obligations as well as obligations to individuals. The program should protect institutional assets, engender confidence from members of the university community, and continue to facilitate appropriate access to data for the legitimate needs of the IU community.
Implementation Plan: 17, 17a, 17b, 17c, 17d
- IU should continue its program of outreach and education to increase the awareness and understanding of security and privacy issues among all members of the university community. Individuals who interact with sensitive, important and/or private resources should have appropriate training to fully understand their responsibilities regarding privacy and should periodically receive updated training.
Implementation Plan: 18, 18a, 18b, 18c
- IU should provision data storage that provides appropriate physical and electronic protection. Sensitive, non-public, and/or important university information should be rigorously governed by policies and processes that ensure appropriate maintenance and retention.
Implementation Plan: 19
- IU should continue development of an enterprise-level business continuity program that includes emergency response, operations recovery, and disaster recovery across all critical functions, based upon university-wide risk assessment and management.
Implementation Plan: Under development