The College of St. Scholastica Personal Computer Security Standard
Screen Saver Password
All personal computers will be delivered with the screen saver password configured to activate after 15 minutes of inactivity.
All data will be removed from personal computers when they are removed from service. This is accomplished either by using disk sanitation software meeting the Department of Defense security standarad or through physical shredding of drives. It may be done on campus or by a certified vendor.
Confidential Data is defined in the Minnesota state statute. It states that confidential data is defined as an individual's first name or first initial and last name in combination with any one or more of the following data elements when either the name or the data elements is not encrypted:
Social security number
· Drivers license or Minnesota identification card number
· Account number or credit or debit card number
No confidential data is allowed to be stored on personal computers or portable devices except as described below.
Portable computers where confidential data may be stored on the hard drive
When confidential data is required for work purposes on portable computers, full encryption will be installed.
A portable computer is defined as a personal computer that is mobile such as a laptop, tablet, netbook, or similar device.
Encryption: Full disk encryption software will be installed on each hard drive prior to use as per IT Security Profile standards. The encryption software requires an additional password at start up.
Forgotten passwords can be reset by Information Technologies through an interactive process.
Sample devices: flash drives, iPods, external hard drives
Encryption: All college data stored on external devices will be encrypted and password protected.
No confidential data will be stored on mobile phones
Mobile phones should be password protected if any college data is stored on the device (i.e. College e-mail). Most phones also have the ability to encrypt the contents on the phone and this should be considered. If you receive work email on your phone you should contact Information Technologies immediately if the phone is lost or stolen.
Lost or Stolen devices
Information Technologies must be notified immediately of the loss or theft of any device containing college data.
Updated: April 2010
Point of Contact: Lynne Hamre, CIO, or Mike Hanson, IT Security