Responsible Administrator(s):
Responsible Office(s):
Originally Issued: May 2015

Statement of Purpose

The purpose of this policy is to:

  • Keep university systems and the data they contain secure in order to ensure high availability and to prevent the systems from being used for unauthorized purposes.
  • Comply with federal, state, and NSHE statutes, regulations and/or policies.

Entities Affected by this Policy

Entities affected by this policy include system owners and technical administrators.

Who Should Read this Policy

System owners and technical administrators should read this policy.

Policy

Every system must have a designated system owner who is a full-time 51³Ô¹ÏºÚÁÏ employee and is accountable for the system. The system owner must ensure that the security and access requirements associated with the data on the system are in compliance with federal, state, and NSHE statutes, regulations and/or policies established by these groups.

Technical administrators must know who the system owner is and must ensure that the security and access requirements associated with the data and/or applications on the system are met.

Systems must meet security standards set by the Office of Information Technology (OIT).

Systems will be audited periodically by OIT to ensure compliance with federal, state and NSHE statutes, regulations and/or policies.

Refer to OIT’s  web page for additional information and exceptions.

Contacts

Refer to OIT’s  web page for a list of individuals who can answer questions about the policy.

Related Information

University Policies

Links

Definitions

System

Related hardware components, software programs, or both that store, process or transmit data. Systems include but are not limited to network devices, appliances, physical and virtual environments, desktop devices being used as servers, and applications. Systems hosted by third party vendors are subject to this definition.

System Owner

A full-time 51³Ô¹ÏºÚÁÏ employee who is responsible for the system, knows the function(s) of the system, authorizes access, knows who the data owners are, and understands what data the system stores, processes, or transmits.

Technical Administrators

Individuals who manage the system as the system owner or on behalf of the system owner. Technical Administrators have administrative privileges (e.g., adds users, updates operating systems, defines roles, configures the application) and may be responsible for system, application, or user security. Technical Administrators may also be known as Application Administrators, System Administrators, Network Administrators, Database Administrators, etc.