Data Security and Stewardship Committee Cordelia Camp 101A Wednesday, April 13, 2011 Present Shea Browning, Pam Buchanan, Steve Christison, Craig Fowler, Lisa Gaetano, Larry Hammer, Debbie Justice, Scott Koger, Anna McFadden, Zeta Smith, and Mike Stewart Absent Scott Swartzentruber and Kay Turpin Guests Barry Bidwell, Brandy Henning and Anna McFadden Recorder Jenny Owen Handouts 3-9-11 DSSC Minutes Approval of Minutes The minutes from the March 9, 2011, Data Security and Stewardship Committee (DSSC) meeting were approved with one change: oversight of certificates of destruction from disk degaussing will be changed from the Internal Auditor’s Office to the CIO Office. Baseline Access Shandon Bates gave an overview of baseline system access that people receive: o Human Resources assigns a 92 number. o After a 92 number is created, HR submits a ticket into SharePoint to have an Active Directory (AD) account created. o With AD credentials, individuals can log onto the network to access items such as wireless, basic VPN and email. Depending on what information is provided, a group Mercury account can also be created. Upon request, a personal Mercury share folder and PAWS account can be created. o If an individual is set up as an employee in Banner, that individual can get access to Self-Service Banner (SSB). o INB (provides access to Finance, Requisitions, etc.) is not granted automatically—supervisors must request access for their employees. o Consultants go through the same process to acquire a 92 number; however, they don’t get access to Banner-they are only granted a domain account. Action Items Craig Fowler asked Bates to create a flow chart or process chart that outlines the steps to obtaining system access and the types of access that are (or are not) granted. The chart will be organized by faculty, students, staff, guests, etc. Debbie Justice suggested the chart tie to the table at the end of Policy 95. Bates requested that Jeff Tatham be invited to co-present with Bates. Update - Policy 93 Electronic Mail Koger commented that an older version of Policy 93 (with references to forwarding email) was still posted on the Chancellor’s web page. DSSC members had a lengthy discussion about the issue of what email to archive and how and where to store archived emails. Suggestions: o At the end of Policy 93, add a reference to “ask your supervisor” or refer to Policy 108. o Add information on how to create and store pst files. o Add a disclaimer to “follow your department’s specific archive guidelines.” o Identify best practices to share with the Help Desk. o Give pointers about where to find procedural things. o Direct people to Policy 108 for information about what should be retained. o Hammer suggested adding a statement to Policy 93 that says other email systems will not be used for university business. Agenda Items for next meeting The discussion on Policy 93 will be carried over to the next DSSC meeting on May 11. Discussion of data handling procedures will be carried over to the May DSSC meeting. Lisa Gaetano will ask Mary Ann Lochner about the status of presenting the data gathering letter to Executive Council for their approval to go forward with sending it out. Hammer asked for a review of how 92 numbers are provided to people (so they can claim their accounts). Fowler asked if Active Directory rules can be forced for MyCat.