New Information Security Standards approved for the University community

One of the top priorities of the Information Security Standing Committee is the creation of Information Security Standards that serve to guide the University community on how best to secure the technology that accesses, stores, processes, or transmits University data.

The third group of University-wide Information Security Standards approved by this committee in February of 2022 are as follows:

Security Standard for General Information Systems

This standard outlines how University systems shall be configured based on the level of sensitivity of the data stored, processed, or transmitted via those systems.

• OHIO Community Impact: All members of the University community have a responsibility to know what sensitive data is, the sensitivity level of the data they work with each day, and ensure that system administrators know the sensitivity of data stored, processed, or transmitted on a given system.

Information Security Risk Assessment Standard

This standard outlines the process for assessing risks associated with University data and information systems as well as the process for documenting and communicating such risks to University leadership.

• OHIO Community Impact: All members of the University community have a responsibility to participate in the risk assessment process as applicable.

Information Security Risk Management Program (ISRMP) Strategy

This standard outlines the cadence by which risk assessments shall be performed in accordance with the data sensitivity processed by a University system or unit. 

• OHIO Community Impact: All members of the University community have a responsibility to know what sensitive data is and their responsibility for participating in this process according to the cadence outlined within this standard.  

Third-Party Vendor Management Standard

This standard outlines the process by which software vendors are reviewed to ensure that their data security practices are adequate to effectively protect University data stored, processed, or transmitted via a cloud-hosted vendor.

• OHIO Community Impact: Participate in the technology review process by completing a Request for Review Form for any utilized software.

Virus-Malware Protection Standard

This standard outlines the requirement that all devices used for collecting, creating, storing, processing, or distributing University data must have antivirus/malware software installed and actively check for viruses at regular intervals.

• OHIO Community Impact: All members of the University community have a responsibility to report and remediate any viruses or malware identified by the software.

All Information Security Standards have an exception process, should an individual or unit have circumstances preventing them from complying with a Standard.

The Ohio University community is encouraged to read the full Information Security Standards and understand their impact. Additionally, the Information Security Office is hosting a Standards question and answer session on April 29, 2022, at 1 p.m. Interested participants can register for the question and answer session by sending an email to security@ohio.edu.

For more information, see this Office of Information Technology webpage.