LUTC Physical Workstation Security Measures

 1.0 Purpose
The purpose of these measures are to provide guidance for physical workstation security for Lincoln University workstations in order to ensure the security of information on the workstation and information the workstation may have access to. Additionally, these measures provide guidance to ensure the requirements of FERPA pertaining to Personally Identifiable Information (PII) protection and are meant to further enforce the security guidelines of the University’s Rules and Regulations and the University’s Acceptable Use Policy.
 

2.0 Scope

These measures apply to all Lincoln University users including, but not limited to, employees, contractors, workforce members, vendors, student workers and agents with a Lincoln University owned or personal workstation connected to the Lincoln University network.
 

3.0 Appropriate measures

Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information, including personally identifiable information (PII), and that access to sensitive information is restricted to authorized users. 
 
3.1 Users using workstations shall consider the sensitivity of the information, including personally identifiable information (PII) that may be accessed and minimize the possibility of unauthorized access.
3.2 Lincoln University will implement physical and technical safeguards for all workstations that access electronic personally identifiable information (PII) to restrict access to authorized users.
3.3 Appropriate measures may include, but are not limited to:
 

4.0 Enforcement

Any employee found to have violated these measures or the intent of these measures may be subject to disciplinary action defined within the Employee Handbook. 
 

5.0 Definitions

 
Personally Identifiable Information (PII): is information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. 
 
Unencrypted electronic information that includes an individual’s first name or initial and last name, in combination with any one or more of the following:
  • Social Security number (SSN).
  • Driver’s license number or State-issued Identification Card number.
  • Financial account number, credit card number*, or debit card number in combination with any required security code, access code, or password such as expiration date or mother’s maiden name that could permit access to an individual’s financial account.
  • Medical information (any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional)
  • Health insurance information (an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history, including any appeals records)
 
Workstations include: computers, laptops, desktops, tablets, pads and mobile devices containing or accessing student information and authorized home workstations accessing the Lincoln University network.
 
Users: Any person using Lincoln University computing resources this includes, but is not exclusively limited to employees, volunteers, contractors, student workers, and students.
 
 

6.0 Revision History

  • 11/12/12 – Draft Submitted to LUTC Security Subcommittee.
  • 11/13/12 – v.2 Edits for constancy with AUP. 
  • 02/06/13 – v.3 Edits to emphasize measures to be taken and enforcement guidelines.
  • 03/21/13 – Document approved by LUTC for submission to the President’s Office.
  • 10/16/13 – President’s Office approval.