STANDARD FOR DATA ENCRYPTION

 

The University of Texas at San Antonio

Office of Information Technology

Office of Information Security (OIS) Standards

 

OIS 10 – Standard for Data Encryption

 


I. STANDARD STATEMENT


Data encryption is a process of securing computer files by instituting safeguards that make the files unreadable to everyone except for the holder of the encryption key. Data encryption is required on all laptops owned by UTSA.

 


II. RATIONALE


This standard supports HOP Policy 8-12 Information Resources Use and Security Policy

 


III. SCOPE



This standard applies to all UTSA faculty, staff, and students.

 


IV. CONTACTS


If you have any questions about OIS 10 – Standard for Data Encryption contact the following office:

 

The Office of Information Security

informationsecurity@utsa.edu

 


V. PROCEDURES  


1. Encrypting UTSA-owned Desktops?

 

    1. All High Risk Desktop Computers owned, leased, or controlled by the University must be Password protected and encrypted using methods approved by the Institution's Information Security Officer.
    2. All desktop computers purchased after September 1, 2013 must be Password protected and encrypted using methods approved by the Institution's Information Security Officer before their deployment.

       

2. Encrypting UTSA Laptop Computers and Other Mobile Devices. 

    1. All laptop computers and other mobile devices, including but not limited to mobile and smart phones, and tablet computers that are owned, leased, or controlled by the University, must be encrypted using methods approved by the Institution's Information Security Officer.
    2. USB thumb drives and similar removable storage devices owned, leased, or controlled by the University must be encrypted before storage of any Confidential University Data on the device.

       

3.  What is "Sensitive Data"?

The UTSA Office of Information Security has developed the Data Classification Standard to help you determine the sensitivity of your data. While whole disk encryption is required for all laptops, encryption and passwords are recommended for all portable devices to ensure your data is secure.

 

4. Encryption for Personally-owned Computers

       A personal owned computer must be encrypted if it contains any of the following types of University information.

      1. Information made confidential by federal or state law, regulation, or other legal agreement.  This includes, but is not limited to, data protected by FERPA, HIPAA, the Texas Public Information Act, and the
        Texas breach reporting law (Business &Commerce Code Section 521.002(a)(2)).
        Examples: education records, patient medical treatment and payment records, Social Security Numbers, credit card numbers.
      2. Federal, state, university, or privately sponsored research that requires confidentiality or is deemed sensitive by the funding entity.
      3. Any other information which has been deemed by the UT System or a UT System institution as essential to the mission or operations of System to the extent that its integrity and security should be maintained at all times.

 

5. "University information" means all recorded information created or received by or on behalf of the University (or System) that documents activities in the conduct of state business or the use of public resources. This includes all information generated by a University employee in the course of performing his or her duties regardless of whether it was created and/or located on a personal device owned by the employee.

 

6. Now Available: Encrypted Portable Devices
There may be occasions when you need to transport sensitive data. Because of the risk of exposure, this data must be encrypted. The UTSA Office of Information Security distributes encrypted flash drives for faculty and staff members who need a secure way to transport sensitive data. Find out more on the Encryption for Portable Devices page.

 

 

______________________________________________________________________________


Effective Date: January 1, 2014
Last Revised: March 16, 2016

<< Back