Sensitive Data Inventory Procedures
This procedures document outlines how Information Technology will perform the Annual Sensitive Data Inventory and how that inventory is used to secure campus information assets.
Comments or feedback on these procedures should be directed to The Office of the Chief Information Officer at (831) 582-4700.
Scope
This procedure applies to all CSUMB departments.
Annual Sensitive Data Inventory
Each year (as required by CSU Policy) CSUMB will perform a Sensitive Data Inventory to determine those departments and locations where Level 1 and Level 2 information assets are stored. This inventory will encompass both physical and electronic records.
Inventory Results
The results of the annual inventory will be coordinated by the Office of the CIO and used to determine what measures may be necessary to ensure the security of sensitive data across the campus. The Director of IT Compliance and Planning will meet with the head of each department identified as storing sensitive data to assess how to secure those information assets. These measures may include (but are not limited to):
- Physical security for printed materials
- Disk encryption for electronic materials
- Removal of data from workstations, laptops, or other electronic devices
- Destruction of records according to CSU Records Retention Schedules
- Installation of Identity Finder
Periodic Review
The University Chief Information Officer/Information Security Officer shall conduct an annual review of the Sensitive Data Inventory Procedures to ensure that it remains appropriate and relevant.
Last reviewed/updated
06/21/2019 by Chip Lenno, CIO/ISO