 |
| Information Asset Management Supplemental Policy |
Number: 8065.0 Revised: August 15, 2010 |
The Information Security Officer will maintain an inventory of all known information assets containing Level 1 and Level 2 data. Such assets must be categorized and protected throughout their entire life cycle, from origination to destruction.
The designated owner of information assets that store protected data, working in concert with the Information Security Officer, is responsible for:
- Classifying the information asset according to the Sacramento State Data Classification Standard.
- Managing security controls over such data according to campus standards, including reporting discrepancies and problems promptly to the Information Security Officer.
- Managing the information asset according to the requirements described in the campus Information Asset Management Standard.
Such data must not be transferred to another individual or system without formal approval of the authorized data owner. Before Level 1 or 2 data may be transferred, the data owner must complete the approved Data Authorization Process to establish written agreements ensuring that authorized users implement appropriate security controls over any transferred data.
All computer and network devices must be disposed of using the Disposition of Protected Data process as established by the Information Security Officer.
Back to to Sacramento State Information Security Policy Website