Effective Date: October, 2013
This Policy describes the requirements for security
controls to protect Systems that process, transmit and/or store Data (as each is defined in the Columbia University Information Security Charter (the “Charter”) http://policylibrary.columbia.edu/information-security-charter. Such requirements differ depending on whether such Data is Sensitive Data, Confidential Data, Internal Data or Public Data (as each is defined in the Charter).
Any System that processes, transmits and/or stores Data must be registered in accordance with Section III(A) and have the minimum protections set forth in Section III(B) and, if applicable, Sections III(C), (D), (E), (F) and/or (G), in each case for the most restricted class of Data that is processed, transmitted or stored on such System.
Please see link at right for full text.