Data Security Policy
Policy
1. Data Protection
Business ERP Financial Data and Academic SIS system data are considered business critical data and the work-related files (Word documents, Excel worksheets, PowerPoint presentations and graphic related files etc.) are considered business critical data. These files are to be stored only in the shared folders of the network. The shared folders in the network are secured and protected, to avoid any disaster and backed up on a daily basis to avoid any data loss in order to ensure business continuity.
2. Shared network drives:
In order to safeguard the data; all the files have to be stored only in the shared folders as mentioned below.
-
Department Folders (Y: Drive): Files stored in this drive will be accessible only to that particular department. Thus providing the flexibility for the users to share the information within the department.
-
Public Folders (Z: Drive): Files stored in this drive will be accessible to all the UD staff in order to share the information with other departments in the organization. Each department will have full control on their respective folders and others would have View/Read access.
3. Backup Policy:
The IT services ensure that backups for all systems are created on a daily, weekly, monthly and yearly basis. Daily incremental backup tapes have a 4-week write protection. Weekly Full Backup tapes have a 4-week write protection. Monthly Full Backup tapes have a 1-year write protection. Yearly Full Backup Tapes have a permanent write protection. A detailed schedule of backups is shown in Appendix I. All the tapes are stored in a fire-resistance safe.
4. Security Measures
The IT Services manager ensures that appropriate security measures are taken in order to protect the integrity and confidentiality of all UD systems, and networks.
A. Internet Security
Web and application firewalls are in place to control & monitor the internet usage through the university’s internet connection and intranet.
B. Firewalls
The IT network perimeter security is protected through industry Data Center standard core firewall devices. Only required ports are enabled for communication and they are constantly monitored.