Body
PURPOSE
Pacific University has adopted this Workstation Security and Use Policy to ensure the confidentiality, integrity, and availability of all Protected Data we create, receive, maintain, or transmit as required by federal or state regulatory requirements, including but not limited to FERPA, GLBA, HIPAA, PCI, and other regional or local applicable laws and requirements.
University colleges, schools, and departments should follow these procedures to comply with the Workstation Security and Use Policy, Policy Number POL-UIS4517.
PROCEDURE
UIS has established Workstation Use and Configuration Guidelines to safeguard Protected Data.
- Users’ workstation access may be reviewed as part of an Information Security Audit for items such as
- to verify an unauthorized account granting access to the workstation has not been created
- confirm configuration settings have not been altered or changed that may grant unauthorized access to data
- confirm the workstation is encrypted or, if feasible, verify Protected Data is not stored on non-encrypted workstation.
- Application Specialist or designee will request and install privacy screens where necessary.
- Primary workstation owner verifies that the computer management system is maintaining the operating system critical updates and anti-virus software or reports a problem in a timely manner to the Technology Helpdesk.
- Prior to installing software to a workstation contact the Technology Helpdesk and request a security review. Software failing to comply with the Workstation Configuration Standard should, if allowed, be documented using the exceptions process.