Effective Date: October, 2013
This Policy describes the requirements for security controls
to protect Endpoints that process, transmit and/or store Data
(as each is defined in the Columbia University Information Security
Charter (the “Charter”)) [http://policylibrary.columbia.edu/information-security-charter]. Such requirements differ depending on whether such Data is Sensitive Data, Confidential
Data, Internal Data or Public Data (as each is defined in the Charter). No distinction is made in this Policy between an Endpoint owned by the University or personally owned. All Information Security Policies (as defined in the Charter) will apply to a personally owned Endpoint used for University
Any Endpoint that processes, transmits and/or stores Data must be registered in accordance with Section III(A) and have the minimum protection requirements set forth in Section III(B) or (C) and, if applicable, Sections III(D), (E) and/or (F), in each case for the most restricted class of Data that is processed, transmitted or stored on such Endpoint.
Please see the link at right for full text.