Information Security & Data Handling

A successful information security program relies on the shared responsibilities of many individuals within the organization to safeguard University information resources. Below are selected resources to assist members of the University community in maintaining information security at UNC Charlotte.

STANDARDS & GUIDELINES

Information Security is guided by University Policy 311, Information Security and the internationally recognized ISO/IEC 27002 code of practice. Standards and guidelines support University Policy 311 as follows:

  • Standards outline the minimum requirements designed to address certain risks and specific requirements that ensure compliance with Policy 311. These provide a basis for verifying compliance through audits and assessments. All units must comply with the standards by following prescribed procedures or by developing unit-specific procedures that meet or exceed the minimum requirements established by the standards.
  • Guidelines offer general recommendations or instructions that provide a framework for achieving compliance with standards. They are more technical in nature and are updated on a more frequent basis to account for changes in technology and/or University practices.

Guideline for Data Handling

Provides guidance for protecting university information resources from unauthorized access or disclosure.  The goal is to assure that every member of the UNC Charlotte community can identify non-public data and follow appropriate security precautions to protect the data so as to avoid compromising the privacy rights of others or UNC Charlotteā€™s institutional rights or obligations.


EMPLOYEE CHECKLIST FOR INFORMATION SECURITY

Acts as a guide to assist individuals in safeguarding University information resources in an appropriate manner.  More detailed information may be found in the Standards and Guidelines associated with University Policy 311 Information Security.


Education
  • Security Awareness Training
  • Two-Factor Authentication
  • Phishing
  • Reporting a Security Incident

FERPA Guidance and resources

records retention and disposition