Information Technology General Controls Policy

  1. Access to computing and telecommunications facilities are restricted at all times. Only SRSU OIT authorized staff are permitted in the facilities. Users outside IT and vendors are not permitted in the facility unless accompanied by an authorized SRSU OIT system administrator.
  2. Administrative systems are password protected and the system is configured to force password changes every 60 days. Data owners control access to data through detailed user profiles. The owners of data are as follows:
    • SIS--Student Data: Registrar
    • FRS--Financial Data: Controller
    • HRS--Human Resource Data: Director of Human Resources
    • ADS--Alumni Data:  Director of Development

    To secure access to any of these systems, users are required to contact the appropriate data owner and request authorization for access to the data.  Accounts are built by OIT based on the data owner request for access.

  3. Backups of administrative data are performed on a nightly basis. Copies of the data are stored in an off-site vault.
  4. The university maintains a three-year equipment replacement plan for technology. This ensures that the hardware and software systems of the university are kept current.
  5. The university maintains an Internet gateway that monitors traffic by protocol and provides both quality of service by protocol as well as the ability to block services. With this system, file sharing protocols such as Kaaza are blocked from entering or exiting the campus network. Use of file sharing protocols such as Kaaza are a violation of university policy.
  6. A 24/7 network management system monitors up time and access to primary servers on the campus ensuring that state of systems is communicated to system administrators and management.
  7. A comprehensive business continuity plan for information resources has been developed and is in the process of review and implementation. This document defines criticality of systems; procedures for recovering from loss of data, hardware, facilities or loss of life; unit business plans for recovery; and detailed response teams and contact lists.
  8. The university maintains an annual subscription to virus protection software for all workstations and servers on campus to minimize loss of productivity and loss of data integrity.
  9. Each biennium, a full hardware and software audit is conducted campuswide to ensure compliance with copyright and software licensure agreements.
  10. The university maintains written policies regarding use of state property and data; computing and network usage guidelines; copyright enforcement; and web publishing guidelines. See the Administrative Handbook for copies of these policies.