There is an inherent risk in handling and storing any information that must be protected. Identifying areas of risk and maintaining appropriate safeguards can reduce risk. Safeguards are designed to reduce the risk inherent in handling protected information and include safeguards for information systems and the storage of paper.
The coordinator of the Information Security Program must work with all relevant areas of the University to identify potential and actual risks to security and privacy of electronic information. Each representative or designee must also participate in a data security review whenever there is a material system change in that area. Documentation of the review will be retained by the coordinator for a period of six years from the date of its creation or the date when it last was in effect, whichever is later.
Last revised: February 2019