SEHD Wiki

A source for policies, procedures, handbooks and other resources from the School of Education and Human Development

User Tools

Site Tools

You are here: Welcome to the SEHD Wiki! » SEHD Policies and Procedures » Data Privacy Policies » Access Control
policy:data_privacy:access_contro

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
policy:data_privacy:access_contro [2019/05/21 19:45] tonyromeropolicy:data_privacy:access_contro [2019/06/13 17:29] (current) tonyromero
Line 3: Line 3:
 ==== University of Colorado IT Security Program Policy ==== ==== University of Colorado IT Security Program Policy ====
  
-All data and information resources of the SEHD are subject to University of Colorado's IT Secuirty Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. Within the policy it describes the requirement of minimum necessary access to data:+All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. Within the policy it describes the requirement of minimum necessary access to data:
  
 > Although students, faculty, and staff require access to University information resources for academic and business purposes, this access must be limited to what is needed for his/her work. Use of resources beyond that which is authorized results in unnecessary risks to University information with no corresponding academic or business value. > Although students, faculty, and staff require access to University information resources for academic and business purposes, this access must be limited to what is needed for his/her work. Use of resources beyond that which is authorized results in unnecessary risks to University information with no corresponding academic or business value.
  
-==== University of Colorado Denver Security Management HIPPA Policy ====+==== University of Colorado Denver HIPPA Policy ====
  
-As applicable, the most secure SEHD data are subject to the UCD Workforce [[http://www.ucdenver.edu/research/Research Administration Documents/9.4 Workforce Security.pdf|HIPPA policy 9.4]]. The policy descirbes what must be included in a unit's access control procedures.+As applicable, the most secure SEHD data are subject to the UCD Workforce [[http://www.ucdenver.edu/research/Research Administration Documents/9.4 Workforce Security.pdf|HIPPA policy 9.4]]. The policy describes what must be included in a unit's access control procedures.
  
 > The UCD Information Technology Services Department (ITS) offers central disk storage and backup services which many departments and units use for maintaining their data. While central ITS systems meet the HIPAA physical security and contingency planning requirements, departments and units must still take care to address controls for workstation security, account management, and controlling access to ePHI they create or house. > The UCD Information Technology Services Department (ITS) offers central disk storage and backup services which many departments and units use for maintaining their data. While central ITS systems meet the HIPAA physical security and contingency planning requirements, departments and units must still take care to address controls for workstation security, account management, and controlling access to ePHI they create or house.
Line 15: Line 15:
 ==== Access to the SEHD Secure Data Server ==== ==== Access to the SEHD Secure Data Server ====
  
-Only appropriately identified, validated and authorized individuals will have access to the SEHD secure datawarehouse.+Only appropriately identified, validated and authorized individuals will have access to the SEHD Secure Server.
  
 To gain access a user must complete the following. To gain access a user must complete the following.
Line 37: Line 37:
   * Remove the data user's access in the event of a breach that endangers the security of the Data Server.   * Remove the data user's access in the event of a breach that endangers the security of the Data Server.
   * On an annual basis review all user's that have access and modify or remove access as necessary.   * On an annual basis review all user's that have access and modify or remove access as necessary.
-  * Maintain an auditable trail of requests, modfication of access rights, and termination of access to the SEHD Secure Data Server.+  * Maintain an auditable trail of requests, modification of access rights, and termination of access to the SEHD Secure Data Server.
  
  
policy/data_privacy/access_contro.1558467959.txt.gz · Last modified: 2019/05/21 19:45 by tonyromero