Published: October 2013
Revised: September 2016, November 2014
This Policy describes the requirements for security controls to protect Systems that process, transmit and/or store Data (as each is defined in the Columbia University Information Security Charter (the “Charter”) http://policylibrary.columbia.edu/information-security-charter. Such requirements differ depending on whether such Data is Sensitive Data, Confidential Data, Internal Data or Public Data (as each is defined in the Charter).
Any System that processes, transmits and/or stores Data must be registered in accordance with Section III(A) and have the minimum protections set forth in Section III(B) and, if applicable, Sections III(C), (D), (E), (F), (G) and/or (H), in each case for the most restricted class of Data that is processed, transmitted or stored on such System.
Capitalized terms used in this Policy without definition are defined in the Charter.
II. Policy History:
The effective date of this Policy is November 1, 2013. This Policy and the other Information Security Policies replace the following University Policies:
and the following CUMC Policies:
III. Policy Text
To see the full text of this policy, please use the link on the right.