Thompson Rivers University
Information Security Standards
The following Standards have been approved by the TRU Information Security Committee and apply to all staff, faculty, and third parties who access University Information.
High level direction for secure storage, transmission, and disposal of University Information based on three classification levels; Public, Internal, & Confidential.
The Breach Protocol provides guidance on the steps that TRU will follow when there is evidence that confidential information has been accessed without authorization. Examples of when the Breach Protocol should be used include, loss or theft of any device containing confidential information, loss or theft of any paper files containing confidential information, or when there is evidence of unauthorized access to any system or file where confidential information is stored or accessed.
Guidance on minimum password strength and usage for TRU systems.
SmartPhones such as BlackBerrys and iPhones which are used to access University systems such as email, require a number of unique security measures. The Information Technology Services division will enforce these standards where possible, but all users of these devices are required to meet these standards.
A standard addressing Notebooks, Netbooks, USB Flash Drives, and any other mobile storage media.
MFDs now combine printing, fax, scanning, email, and copy functions and include the ability to store and share large amounts of data over networks. This standard addresses the minimum configuration to meet the University's security requirements.
These Data Standards guidelines establish measures for the protection, access, and use of TRU’s data that is electronically maintained on the Banner system. The guidelines also define the responsibilities of users who input and access that data. Divisions and departments will have procedures that are consistent with and supplement these guidelines, but do not replace or supersede these guidelines. When divisional or departmental situations arise that reveal the necessity to review these guidelines, the Data Standards Working Group will be convened to review and recommend solutions.
This standard establishes the process for creating and maintaining “Generic/Shared Accounts” for network and system access. A Generic Account is an account that is not derived using the Faculty, Staff or Student naming convention. There is no corresponding real user associated with a generic account.