Answer:
* What confidential personal information (e.g., Social Security numbers) do we store on our servers? Do we minimize use of SSNs to the extent feasible? Could we use another identifier, such as MSU PID numbers instead?
o If we do need to store confidential data such as SSNs locally, how secure are the servers that house the information?
* Instead of storing personal confidential information locally, could we do business in some other way? Could we eliminate those confidential data elements from our local databases? Could we instead routinely access data as needed from University data services (thus obviating the need for the local copies)?
* Have all personnel within the unit been adequately trained in University data security requirements and applicable state or federal laws and regulations (e.g. FERPA, HIPAA, Gramm-Leach-Bliley Act)?
o If we do need to store confidential data such as SSNs locally, how secure are the servers that house the information?
* Instead of storing personal confidential information locally, could we do business in some other way? Could we eliminate those confidential data elements from our local databases? Could we instead routinely access data as needed from University data services (thus obviating the need for the local copies)?
* Have all personnel within the unit been adequately trained in University data security requirements and applicable state or federal laws and regulations (e.g. FERPA, HIPAA, Gramm-Leach-Bliley Act)?
| Previous Question | Next Question |
| Network Security questions | Disaster Recovery Planning questions |