Policy Statement
Information Systems (IS) designs, builds, maintains and administers the Eastern Mennonite University (EMU) campus network. Certain data security procedures are used to ensure that administrative data and technology resources are protected from vulnerabilities, and any device connected to the campus network is identified as to its type and user(s).
Policy Specifics
The EMU campus data network is subdivided into network segments to provide different network services depending upon the user’s role. Administrative data and technology resources are limited only to connections with authenticated users and devices that are authorized to access these data and resources. A Network Access Control (NAC) system is used to gather information about any device connected to the network. This information will identify the type of device connected to the network and its user.
Network Access Control Procedures
-
EMU uses a network access control (NAC) system to control all user devices connected to the EMU campus network and to identify and authorize all users of devices connected to the network.
-
EMU’s network is divided into segments, including those for these roles:
- Guests/Students (using their personally owned devices)
- Labs and classrooms (for students using EMU-owned computers)
- Faculty/Staff (for employees using EMU-owned computers
- Special Purpose (for EMU-owned utility systems, e.g. HVAC, door access, security controls, etc.)
-
EMU’s network segments have security measures in place to protect users and systems from inappropriate access (e.g., guests do not have access to administrative systems).
Network Security Procedures
- The NAC system will be configured to ensure that all devices connecting directly to EMU-owned or controlled networks will meet a minimum standard of operational requirements for anti-virus protection and operating system types and security standards.
-
All persons who have non-guest access to the EMU campus network may be regularly prompted read and agree to the provisions of the Technology Code of Responsibility.
Data Backup Retention Specifications
IS protects all user data stored on EMU-owned systems from destruction and data loss, except as indicated below. Data files will be retained according to the retention counts for the category of data and interval specification in the following table.
|
DATA CATEGORIES
|
RETENTION COUNTS BY BACKUP INTERVAL
|
|
Daily
Backups
|
Weekly
Backups
|
Monthly
Backups
|
|
SIS Databases
|
7
|
4
|
12
|
|
Network File Storage
|
7
|
4
|
12
|
|
Other data on EMU’s network
|
7
|
4
|
12
|
Files and emails stored in G Suite are protected from destruction, data loss, and unauthorized access. Files and emails deleted from G Suite may be restored for 365 days following their deletion.
IS procedures ensure that the data backup files are protected from destruction, data loss and unauthorized access and that they are available, if needed, for recovery from a catastrophic failure of the primary storage devices.
Data Backup Repositories
Data backup occurs daily. Incremental backups are performed six days per week with a full backup on the seventh.
Backups are stored on multiple types of media, including disk and tape, which are housed in multiple buildings on campus to increase the likelihood that backed-up data would withstand a disaster.
Secondary copies of all retained data are made quarterly and stored off-site in a safe deposit box. The quarterly backup procedure also includes device configurations, equipment lists and other documentation necessary for rebuilding servers, network, and data storage equipment in the event of a disaster.
Responsibility and Review
Responsible Party
Responsibility for this policy lies with the provost. Policy implementation is the responsibility of Information Systems leadership.
Policy Review
This policy is to be reviewed by the Provost's Council.