University Information Security and Privacy
Technology changes on a daily basis. It allows students, faculty and staff to leverage innovations that help us all work faster, smarter and achieve more.
Yet with the increase in technology comes the threat to valuable information. In an effort to protect the information of students, employees, alumni and friends, Bentley created the Enterprise Data Security office to address policy, process and compliance issues surrounding data security.
Protecting data at Bentley will be addressed in five major phases. They include:
- Identifying Sensitive Information. Not all data are equal; to help with the process of identifying what information is considered confidential, Bentley created a Data Classification Policy which breaks out data into four major categories.
- Providing Rules for Data Usage. Understanding how to access and store highly confidential information vs. unrestricted information is also critical to keeping information safe. To assist with this process, rules on how to store and use data properly are also detailed in Bentley's Data Classification Policy.
- Reviewing Data Collection Practices. On a routine basis, many employees receive sensitive data in both electronic and paper form. As part of Bentley's ongoing efforts to comply with new state regulations, we continue to work with various areas on Data Privacy Audits to ensure that the institution is handling all sensitive information properly.
- Retention and Destruction. Confidential data becomes more vulnerable to mishandling the longer it sits around. Data retention policies are useful documents that deal with complex issues of maintaining information for a pre-determined length of time. Please review Bentley's Retention and Destruction Policy for complete details on how long to keep information and the proper methods for destroying it.
- Awareness and Training. The university recently rolled-out an on-line compliance and training tool called MOAT, which includes Information Security Training. On a quarterly basis, the Enterprise Data Security office also sends out newsletters targeted by audience. Please visit the Awareness and Training section of this web site for historical archives, best practices and FAQs relating to the various information security tools available to the community.