|Document Title||Electronic Information Security Policy|
|Office/Unit||Information Technology Services|
June 2, 2004
|Approved by||President's Cabinet|
June 2, 2004
The purpose of the policy/procedure is to protect the security of electronic information and to protect the confidentiality and integrity of confidential information. All individuals who are authorized to use the e-mail systems of SUNY Fredonia must be familiar and compliant with this policy.
SUNY Fredonia encourages the business use of e-mail for the efficiency of operations. The e-mail system and all the messages generated by e-mail, including backup copies, are part of the business infrastructure of SUNY Fredonia, are owned by SUNY Fredonia, and are not the property of the individuals who use the system.
Right to Monitor, Audit, Read
In keeping with provisions outlined in the SUNY Fredonia Computer and Network Usage Policy, SUNY Fredonia reserves the right to monitor, audit, and read e-mail messages.
Request for Confidential Information
The transmission of an individual’s own personal information via electronic mail (e-mail) to an external network is permitted only when the requester has been advised of the campus e-mail policy stating “SUNY Fredonia cannot guarantee that electronic communications will be private.” If, after advisement, the requester agrees, the personal information may be e-mailed.
The transmission of confidential information requested by another individual (other than self) via electronic mail is not permitted to off-campus locations.
On-campus electronic mail transmission are reasonably secure, due to the higher level of security provided by switched network interfaces and the dual-level anti-virus security built into the SUNY Fredonia e-mail gateway and managed anti-virus desktop systems, as well as user compliance with the Physical Information Security Policy.
The transmission of confidential health information via electronic mail (e-mail) is not permitted.
Sites, such as Banner, that accept confidential information input must be password protected and allow for encryption/secure communications. The servers hosting confidential information must be protected with SSL (Secure Sockets Layer) certificates, such as Verisign.
Confidentiality and Information Security
File Transfer Protocol (FTP)
Transferring information to an external third party such as New York State Higher Education Services Corporation, the Federal Government, M&T Bank, and Standard Register, among others, will always utilize an encrypted and secure transmission method either outlined by Information Technology Services (ITS) or specified by the provider and approved by ITS.
Passwords are access keys, help to prove you are who you say you are, and help to ensure your privacy. Compromised passwords provide access to systems for unauthorized personnel. For that reason, SUNY Fredonia computer users are encouraged to create and use strong passwords in accordance with the following password integrity guidelines: