Document 12141095

Data Security and Stewardship Committee
Cordelia Camp 101a
Thursday – November 20, 2008
Present Pam Buchanan, Steve Christison, Lisa Gaetano, Larry Hammer, Debbie Justice,
Mary Ann Lochner, David Onder, Bil Stahl, Scott Swartzentruber, and Leila Tvedt
Absent Scott Koger and Mike Stewart
Recorder Jenny Owen
Handouts and Other
Related Material
General Updates
Data Security Procedures Related to the Data Security and Stewardship Policy
Policy 93: Electronic Mail Policy
UNC General Records Retention and Disposition Schedule
 At the UNC CAUSE Conference, Bil Stahl learned that the state auditor's office is
now offering forensic services for computers.
 Systems and Operations staff members are working on their process for
implementing the new password policy. Steve Christison asked if it was possible to
have the new password policy correspond with the frequency for changing the
Banner password. Stahl said we would try our best to keep everything as uniform as
 In answer to Christison’s question about where the university is with selecting
encryption software, Stahl replied that no standard encryption software has been
selected. Swartzentruber said vendors were being considered for providing wholedisk encryption.
 The committee briefly discussed the shortage of disk storage. Stahl said several
different storage options were being looked at. He added that he had proposed to
Dr. Carter and Chuck Wooten that folks be required to include, in their yearly
budget requests, any anticipated needs for large amounts of new storage.
 Scott Swartzentruber gave a brief summary on the IT audit.
o One of the biggest issues will probably be that our IT Disaster Recovery Plan
isn’t up to date.
o Auditors focused on finance systems and what our processes were.
o Network scans were performed on various servers.
o Auditors walked through several network wiring closets.
o Auditors performed scans on Oracle (the back end of Banner).
 Compared to other state agencies and schools, Swartzentruber thought we should
“come out pretty well.” Stahl added that having this committee in place was helpful
to the audit. The auditors’ report is expected by the end of December. We have
90 days to respond to any findings in the report after the public portion of the
report is published on their website on January2.
 The committee had a lengthy conversation about security for paper records. There
are two issues with purchasing an enterprise-level imaging system to scan paper
records—money and the lack of a policy.
 Larry Hammer reported on their document imaging system.
o They are in the process of trying to upgrade the software—it’s about three
versions behind.
Action Items
They have ordered the module that allows importing of documents.
Currently, the imaging system only scans hard copies.
There is another add-on tool that can redact social security numbers on
stored images.
 Stahl handed out the Data Security Procedures Related to the Data Security and
Stewardship Policy document that Leila Tvedt revised. Stahl asked committee
members to look it over and provide him or Tvedt with feedback.
 Stahl is still working on revising the email policy. He said he hoped to get a draft of
the policy to this committee before the next meeting.
 Stahl plans to meet with Systems and Operations to talk about renaming the H:
drive to something more descriptive that will help the campus community to be
aware that the H: drive is secure.
 Jenny Owen will arrange to have the UNC General Records Retention and Disposition
Schedule posted on the Data Security and Stewardship Committee’s webpage.