Data at Rest Policy
Version 1.0.2
Purpose
The purpose of this policy is to govern how University data is stored.
Scope
This policy applies to all data stored by all employees, contractors, consultants, temporary, and other workers at the University including all personnel affiliated with third parties conducting University business. All data covered by the scope of this policy will be classified as Fordham Protected data, Fordham Sensitive data, or Fordham Public data.
Policy Statement
- Fordham Protected data, Fordham Sensitive data, or Fordham Public data must be stored according to the Data Classification Guidelines.
Related Policies and Procedures
- Acceptable Uses of IT Infrastructure and Resources Policy
- Data Classification Guidelines
- Data Classification Policy
- Data in Transit Policy
- Disk Encryption Policy
- University Mobile Device Management Policy
Implementation Information
| Review Frequency | Annual |
|---|---|
| Responsible Person | Director, IT Risk and Data Integrity |
| Approved By | CISO |
| Approval Date | May 22, 2018 |
Revision History:
| Version | Date | Description |
|---|---|---|
| 1.0 | 01/23/2017 | Initial policy. |
| 1.0.1 | 02/07/2018 | Minor edits pointing to existing policies and the renamed Acceptable Uses of IT Infrastructure and Resources Policy. There are no substantial changes to this policy |
| 1.0.2 | 05/22/2018 | Updated disclaimer statement |
| 06/09/2020 | Periodic review. No changes. |
Policy Disclaimer Statement
Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.