Strengths

Responsible

Party

Priority

Opportunities

AIS Account Request Process

BOC

3

Develop AIS Account modifications process for when job responsibilities change – we tend to add on but not take away

BOC

2

Audit of current employee AIS data privileges

BOC

4

Forced password maintenance for AIS systems (e.g. Banner, R25)

AIS Account Termination Process

BOC

1

Refine process that identifies terminated employees – time lag between last work day and termination status update

Confidentiality Agreement within the Information Security Policy

Include review of Confidentiality Agreement by all new employees during In-processing.

Have all new employees sign Confidentiality Agreement that will then be stored in their payroll file.

Privacy Policy updates regularly sent to current employees for review

On-going education of Best Practices for use and disclosure of institutional data

SSN not used as MUID

Remove SSN and other Personally Identifiable Information (PII) from extraneous business forms where they are non-essential data elements

“Secure” document shredding via commercial document disposal  service contract

Increase use of  “secure” document shredding

Develop a clear and concise document/data  retention administrative procedure(s)

Provide customer with control of disclosure of directory information via the Confidentiality Indicator

BOC

5

Clearly delfine our Interpretation/Use of the Confidentiality Indicator in Banner

Develop Privacy Statement for web sites that collect PII

Incorporate PII privacy statement on all websites that collect data

Ability to implement PII enhancement in Banner

BOC

7

Implement PII enhancement functionality in Banner

BOC

6

Minimize the collection points of PII