Properly securing, managing, and storing data is an essential part of our security profile at Chico State.
Here are resources to help you securely manage and store sensitive data as well as information on the policies, standards, and practices campus personnel need to follow.
CSU Policy and Standards
Our data handling practices are governed by CSU policy and standards. Please see the following. CSU Information Security Policy and Standards:
Data Classification and Protection Standards
Data is classified in three levels. Data handling practices can vary based on the classification level. Level 1 is confidential data and is the most restricted, Level 2 is internal use data and is also restricted, Level 3 data is general and can be made publicly available.
Data Classification and Protection Standards.
Data Privacy Policies and Standards
Chico State respects the privacy of faculty, staff and students, and is committed to protecting it by complying with CSU system-wide information security and privacy policies, and as subject to applicable state, federal - and increasingly - global policies through the European Union's General Data Protection Regulation (GDPR) standard. Data Privacy Policies and Standards: https://www.csuchico.edu/isec/privacy-policy-page.shtml
Data Security & Records Retention
Data needs to be properly secured based on its content and data classification level. Records need for follow the Records Retention Schedule or retention and disposal. Records Retention and Disposition Schedule: https://www.csuchico.edu/registrar/records-retention/index.shtml
Device Sanitation and Disposal
Devices that store data such as workstations, tablets, and USB drives need to be properly sanitized and disposed when they are transferred or marked for sale or destruction. Electronic Device Disposal and Transfer Procedures : https://support.csuchico.edu/TDClient/1984/Portal/KB/ArticleDet?ID=8732
Secure File Storage and Sharing
Information on how to properly store and share data at Chico State is available on the following site. Data storage and Sharing: https://www.csuchico.edu/isec/data-protection/index.shtml
Mobile Device Security
Best practices and information on how to properly secure mobile devices is available on the following site. Mobile Device Security: https://www.csuchico.edu/isec/resources/mobile/mobile-device-security.shtml
Annual Access Review
Access to Level 1 data needs to be reviewed annually to decide to continue to allow access or to remove access that is no longer needed.
CSU Access Control Standard (Annual Access Review requirement): https://calstate.policystat.com/policy/11773867/latest/#autoid-mekjg
Report a Security Incident, Unauthorized Access, or Data Leak
Contact the IRT Information Security Office to report a security incident, unauthorized access, or data leak. Report a Security Incident, Unauthorized Access, or Data Leak: https://support.csuchico.edu/TDClient/1984/Portal/Requests/ServiceDet?ID=10202
Information Security Office (ISEC)
For information security questions, consultation, or assistance, contact the Information Security Office by emailing isec@csuchico.edu or by submitting a ticket to isec-help@csuchico.edu
More information can be found on our website: https://www.csuchico.edu/isec/