GUIDELINES FOR DEPARTMENT HEADS & DATA CUSTODIANS
As part of Smith's strategic initiative on information security, ITS has asked the head of each adminstrative department to review departmental procedures for handling and storing legally-protected Personal Information (PI) data.
In support of this process, department heads have been asked to submit the following two documents to Ben Marsden, ITS Director of Systems & Network Services, by March 31, 2011:
- Department PI Data Risk Assessment Summary Report
- Department PI Data Location Spreadsheet
The list below shows one possible sequence of steps department heads may follow to complete this task, but departments are free to choose their own variations.
Use a department meeting to launch the information security data-collection phase.
Review the goals of the initiative as needed and ask each staff member to complete the Individual PI Data Risk Assessment Checklist (PDF).
Remind each staff member that instructions for finding their Computer Identifier are available on the Security web page.
- Collect individual checklists from each staff member and consolidate the information they contain to complete the Department PI Data Risk Assessment Summary Report (PDF).
- Review the individual checklists to determine which staff members have legally-protected Personal Information (PI) data stored on the hard drive of their desktop or laptop computer.
- Follow up with any PI-data-holders to complete the required fields in the Department PI Data Inventory Spreadsheet (Excel document).
- Submit the completed Information Risk Assessment Summary Report and PI Data Location Spreadsheet to Ben Marsden by March 31, 2011.