Category: Information Technology
Responsible Office: VPCIO
Responsible Executive: J. Brice Bible
Date Established: September 10, 2021
Last Edited: November 9, 2021
The following standards support the university’s Data Risk Classification Policy and should be implemented on all technology being used to access and work with Category 1-Restricted and/or Category 2-Private university data from an off-campus location.
Security of data and systems is paramount to the academic and research missions of the University at Buffalo (UB, university). It is vital that security best practices keep abreast with telecommuting, remote work and remote learning modalities.
All UB Policies and standards apply regarding UB and UB data, regardless of work location. Members of the university who wish to access and work remotely with restricted or private data must adhere to the following standards to ensure the policies and responsibilities set forth in the Data Risk Classification Policy are being met.
It is strongly recommended that a UB-owned and managed computing endpoint be used when accessing and working with category2 data types. This type of data is involved in most university business, research or academic administrative functions (remote learners typically do not fall into this category).
Personally-owned computing endpoints used to access and work with Category 2 data must follow the UB Minimum Security Standards for Desktops, Laptops, Mobile, and Other Endpoint Devices. Owners of personal devices are responsible for ensuring adequate and appropriate security configurations including the following:
Employees are responsible for knowing and meeting policy and standards requirements, standards and guidelines regardless of work location.